Cookie expiry in ASP.NET Core 2.0 with Identity

Posted 2019-04-10 21:15

Question:

Environment: ASP.NET Core 2.0, Identity with cookies.

In Startup.ConfigureServices() there is this:

services.ConfigureApplicationCookie(options => {
  options.ExpireTimeSpan = TimeSpan.FromDays(14);
  options.Cookie.Expiration = TimeSpan.FromDays(14);
});

The first is from CookieAuthenticationOptions. The second is from CookieBuilder. The docs also mention Microsoft.AspNetCore.Http.CookieOptions.Expires (though it's not available in that lambda).

What is the difference between these? What is the correct way to set an expiry time in Core2?

Answer 1:

The following is what I am using to set the expiry for the cookie in a test application that I use.

public class Startup
{
    ...

    // This method gets called by the runtime. Use this method to add services to the container
    public void ConfigureServices(IServiceCollection services)
    {
        // Add framework services.
        ...

        ...  // before services.AddMvc();!
        services.AddAuthentication().AddCookie(options => {
            options.Cookie.Expiration = TimeSpan.FromDays(14);
            options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict;
            options.Cookie.Name = "MyCookieName";
            options.LoginPath = "/Account/Login";
            options.AccessDeniedPath = "/Account/Forbidden";
        });

        // OR Perhaps, this could be what you need
        services.ConfigureApplicationCookie(options =>
        {
            options.Cookie.Expiration = TimeSpan.FromDays(150);
            options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict;
            options.Cookie.Name = "MyCookieName";
            options.LoginPath = "/Account/Login";
            options.AccessDeniedPath = "/Account/Forbidden";
        });
        ...
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline
    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        ... // before app.UseMvc();!
        app.UseAuthentication();
        // WAS -> app.UseCookieAuthentication();
        ...
    }
    ...
}

I think this should get you going in the right direction.

This works for me, and I haven't noticed any issues yet. Although, it's only been a couple of weeks since the Core 2.0 RTM. :)

Hope this helps.



Answer 2:

This code works for me. Only the second block changes cookie expiration.

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        // Cookie settings
        options.Cookie.HttpOnly = true;
        options.Cookie.SameSite = SameSiteMode.Strict;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        options.LoginPath = "/Account/Login";
        options.LogoutPath = "/Account/Logout";
        options.AccessDeniedPath = "/Account/AccessDenied";
    });

services.ConfigureApplicationCookie(options =>
{
    // Cookie settings, only this changes expiration
    options.Cookie.HttpOnly = true;
    options.Cookie.Expiration = TimeSpan.FromDays(150);
    options.ExpireTimeSpan = TimeSpan.FromDays(150);
});
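
The difference the question asks about, as an added example that is not part of the original question or answers: a minimal ASP.NET Core 2.0 app using plain cookie authentication (no Identity), where ExpireTimeSpan sets the server-enforced ticket lifetime and IsPersistent decides whether the browser cookie gets an expires attribute. The /signin endpoint, the remember query parameter and the demo-user name are hypothetical; Cookie.Expiration is left unset because the 2.0 cookie handler discards it.

```csharp
using System;
using System.Security.Claims;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public static void Main(string[] args) =>
        WebHost.CreateDefaultBuilder(args).UseStartup<Startup>().Build().Run();

    public void ConfigureServices(IServiceCollection services) =>
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(options =>
            {
                // Lifetime of the protected ticket inside the cookie; enforced server-side.
                // SlidingExpiration (default true) reissues the cookie after half that window.
                options.ExpireTimeSpan = TimeSpan.FromDays(14);
                options.Cookie.HttpOnly = true;
                options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
                options.Cookie.SameSite = SameSiteMode.Strict;
                // options.Cookie.Expiration is left unset: the handler discards it.
            });

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication();
        // Hypothetical demo endpoint: GET /signin?remember=true
        app.Map("/signin", branch => branch.Run(async context =>
        {
            var identity = new ClaimsIdentity(
                new[] { new Claim(ClaimTypes.Name, "demo-user") },
                CookieAuthenticationDefaults.AuthenticationScheme);
            var properties = new AuthenticationProperties
            {
                // true:  Set-Cookie carries expires = now + ExpireTimeSpan.
                // false: session cookie; the ticket inside still expires after ExpireTimeSpan.
                IsPersistent = context.Request.Query["remember"] == "true"
            };
            await context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
                new ClaimsPrincipal(identity), properties);
            await context.Response.WriteAsync("signed in");
        }));
    }
}
```

With Identity, the same options go in services.ConfigureApplicationCookie(...) and IsPersistent comes from the isPersistent argument of SignInManager.PasswordSignInAsync. Because the ticket lifetime is checked on the server, a shorter ExpireTimeSpan narrows the window in which a stolen cookie stays usable, whatever the browser does with the expires attribute.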