#2
wangnannan2014-01-03 11:25
你这个forms验证 cookie时间不应该这样设置
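登录页面 写入COOKIE 设置有效期 给你个我写的例子

<authentication mode="Forms">
  <forms loginUrl="login.aspx" defaultUrl="~/Default.aspx" slidingExpiration="true" name="login_account"> </forms>
</authentication>
<authorization>
  <deny users="?"/>
</authorization>

/// <summary>
/// Signs the user in: issues an encrypted forms-authentication cookie and then
/// redirects to the requested page, or to the default page when no safe
/// return URL was supplied.
/// </summary>
/// <param name="loginName">Login name stored as the ticket's user name.</param>
/// <param name="userData">User information associated with the login name; serialized to JSON and stored in the ticket. May be null.</param>
/// <param name="expiration">Lifetime of the login cookie, in minutes. A value of zero or less issues a session cookie whose ticket expires after one day.</param>
/// <exception cref="InvalidOperationException">There is no current HTTP context.</exception>
public void SignIn(string loginName, User userData, int expiration)
{
    // Fail before building anything when called outside of a request.
    HttpContext context = HttpContext.Current;
    if (context == null)
    {
        throw new InvalidOperationException();
    }

    // Convert the user data that needs to be kept into a string.
    // NOTE(review): the whole User object goes into the cookie. It is encrypted,
    // but it still travels to the browser and counts against the cookie size
    // limit; confirm User carries no secrets (e.g. a password hash) and consider
    // storing only the fields that are actually needed.
    string data = null;
    if (userData != null)
    {
        data = (new JavaScriptSerializer()).Serialize(userData);
    }

    // The ticket's own expiry is what the server enforces; the cookie's Expires
    // value only tells the browser when to discard it. Derive both from the
    // same instant so the "expiration" argument really bounds the login.
    bool persistent = expiration > 0;
    DateTime issuedAt = DateTime.Now;
    DateTime expiresAt = persistent ? issuedAt.AddMinutes(expiration) : issuedAt.AddDays(1);

    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        2, loginName, issuedAt, expiresAt, persistent, data);

    // Encrypt the ticket (protected according to the <forms protection> setting).
    string encryptedTicket = FormsAuthentication.Encrypt(ticket);

    // Build the login cookie from the encrypted ticket.
    HttpCookie userCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
    userCookie.HttpOnly = true;
    // Follows the requireSSL attribute of <forms>. The sample configuration above
    // does not set it, so the cookie is not marked Secure unless it is added.
    userCookie.Secure = FormsAuthentication.RequireSSL;
    userCookie.Domain = FormsAuthentication.CookieDomain;
    userCookie.Path = FormsAuthentication.FormsCookiePath;
    if (persistent)
    {
        userCookie.Expires = expiresAt;
    }

    // Write the login cookie, replacing any cookie of the same name already queued.
    context.Response.Cookies.Remove(userCookie.Name);
    context.Response.Cookies.Add(userCookie);

    // ReturnUrl comes from the request and is attacker-controllable; only follow
    // it when it stays on this site, otherwise fall back to the default page.
    string returnUrl = context.Request["ReturnUrl"];
    if (IsLocalReturnUrl(returnUrl))
    {
        context.Response.Redirect(returnUrl);
    }
    else
    {
        context.Response.Redirect(FormsAuthentication.DefaultUrl);
    }
}

/// <summary>
/// Returns true only for a site-relative ("/path") or app-relative ("~/path")
/// URL, so a login redirect cannot be pointed at another host.
/// </summary>
private static bool IsLocalReturnUrl(string url)
{
    if (string.IsNullOrEmpty(url))
    {
        return false;
    }

    // Browsers drop tabs and line breaks inside URLs, which could turn an
    // apparently local path into a protocol-relative one.
    foreach (char c in url)
    {
        if (char.IsControl(c))
        {
            return false;
        }
    }

    if (url[0] == '/')
    {
        // "//host" and "/\host" are treated by browsers as absolute URLs.
        return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
    }

    return url.Length > 1 && url[0] == '~' && url[1] == '/';
}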
下面是配置文件...急呀。。谢谢,准备要上线了。。。
<?xml version="1.0"?>
<configuration>
<appSettings>
<!-- Whether the connection string is encrypted -->
<!-- NOTE(review): with this set to false, the credentials below are stored in clear text. -->
<add key="ConStringEncrypt" value="false"/>
<!-- Database connection string (if it is stored encrypted, set the item above to true; the encryption tool can be downloaded from the official site.
If it is stored in plain text, e.g. server=127.0.0.1;database=....., set the item above to false.) -->
<!-- NOTE(review): uid=sa;pwd=sa is the SQL Server sysadmin login with a password equal to the user name; the same pair appears again in connectionStrings and sessionState below. If these are the real values, switch to a dedicated least-privilege login with a strong password before going live, and keep the secret out of clear-text config (for example by encrypting the section). -->
<add key="ConnectionString" value="xxx;database=xxx;uid=sa;pwd=sa"/>
<!-- Virtual directory name (empty if this is a site root) -->
<add key="VirtualPath" value=""/>
<!-- Login page address -->
<add key="LoginPage" value="admin/Login.aspx"/>
<!-- Whether the menu is expanded by default -->
<add key="MenuExpanded" value="false"/>
<!-- How long entity object content is cached (minutes) -->
<add key="ModelCache" value="30"/>
</appSettings>
<connectionStrings>
<add name="connString" connectionString="server=xxx;uid =sa;pwd =sa;database =xxx"/>
</connectionStrings>
<system.web>
<!-- NOTE(review): mode is StateServer, so stateConnectionString is the setting in effect; sqlConnectionString and allowCustomSqlDatabase only apply to mode SQLServer. timeout is in minutes (120) and is independent of the forms ticket timeout (480) set under authentication, so session data can expire while the login cookie is still valid. -->
<sessionState mode='StateServer'
stateConnectionString='tcpip=127.0.0.1:42424'
sqlConnectionString="Data Source=xxx;Initial Catalog=ASPState;User ID=sa;Password=sa;"
allowCustomSqlDatabase="true"
sqlCommandTimeout="10"
cookieless='false'
timeout='120'/>
<!-- NOTE(review): executionTimeout is in seconds (3600 = 1 hour) and is only enforced when compilation debug is false; maxRequestLength is in KB (1048576 = 1 GB). Limits this large let a single request tie up a worker and a lot of memory or disk; confirm they are really needed. -->
<httpRuntime executionTimeout="3600" maxRequestLength="1048576"/>
<!-- NOTE(review): debug="true" is a development setting; set it to false before going to production. -->
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
</assemblies>
</compilation>
<!--<customErrors mode="Off"/>-->
<!-- RemoteOnly shows the friendly pages below to remote clients and full error details only on the server itself. -->
<customErrors mode="RemoteOnly" defaultRedirect="~/ErrorPage/GenericErrorPage.htm">
<error statusCode="403" redirect="~/ErrorPage/NoAccess.htm" />
<error statusCode="404" redirect="~/ErrorPage/FileNotFound.htm" />
</customErrors>
<!-- NOTE(review): impersonate="true" without a userName makes request code run under the identity IIS authenticated (the anonymous account for anonymous requests); confirm this is required. -->
<identity impersonate="true"/>
<authentication mode="Forms">
<!-- timeout is in minutes (480 = 8 hours). NOTE(review): requireSSL is not set and defaults to false, so the ticket cookie can be sent over plain HTTP; set requireSSL="true" if the site is served over HTTPS. -->
<forms name="forums" loginUrl="/Admin/Login.aspx" protection="All" timeout="480"></forms>
</authentication>
<authorization>
<!-- NOTE(review): allow users="*" admits every request, anonymous ones included, at this level. No location element restricting the admin area is shown in this file, so access control has to be enforced elsewhere; confirm that it is. -->
<allow users="*"/>
</authorization>
<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID">
<controls>
<add tagPrefix="CKEditor" assembly=" namespace="
</controls>
</pages>
<httpModules>
<add name="MyHttpModule" type="HL., HL., Version=3.5.0, Culture=neutral"/>
</httpModules>
<!-- NOTE(review): tracing records request details (headers, form values, session and cookie contents) that can be viewed through trace.axd; turn it off for production. -->
<trace enabled="true" pageOutput="false"/>
</system.web>
<system.webServer>
<defaultDocument>
<files>
<clear/>
<add value="Default.aspx"/>
<add value="Default.htm"/>
<add value="Default.asp"/>
</files>
</defaultDocument>
<!-- NOTE(review): errorMode="Detailed" sends IIS detailed error pages to remote clients as well, which defeats the intent of customErrors RemoteOnly for errors handled by IIS; DetailedLocalOnly is the usual production value. -->
<httpErrors errorMode="Detailed"/>
</system.webServer>
</configuration>