asp.net mvc - Cookie expires or session timeout too soon


I have code that is run when a user is authorized:

    // Issue a persistent forms-authentication ticket valid for 120 minutes
    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, email, DateTime.Now, DateTime.Now.AddMinutes(120), true, userData);
    string encTicket = FormsAuthentication.Encrypt(authTicket);
    HttpCookie faCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
    faCookie.Expires = authTicket.Expiration;
    Response.Cookies.Add(faCookie);

Then I redirect to a controller/action that has the Authorize attribute:

    [Authorize]
    public class ProductController : Controller
    {
        // ...
    }

My web.config has the following:

    <authentication mode="Forms">
      <forms loginUrl="~/Home/Unauthorized" timeout="2880" />
    </authentication>
    <sessionState timeout="120">
    </sessionState>

Yet users are complaining that the session times out, or that they are redirected to Home/Unauthorized, after a few minutes of inactivity.

What can be done about this, and what else should I check?

Before going into a possible solution, I want to explain why your login is expiring. First, the FormsAuthentication cookie and session state are two completely different things. You can have one or the other, both, or neither. Consequently, the expiration for these two items is also unrelated.

The FormsAuthentication cookie is an encrypted cookie that contains some basic information, such as the user name and an expiration value. Once a user has been authenticated, the application uses this cookie to determine whether the user is authorized for some resource or not.

What controls the encryption and decryption of the FormsAuthentication cookie is the machine key for that web application on IIS. The machine key is a set of keys used to encrypt and decrypt the cookie. By default, a web application on IIS is set to auto-generate the machine key. This means that when an application starts, a random machine key is generated. If an application is recycled, you get a new machine key. In addition, if you are hosting on a shared provider, the web host will usually load-balance your app, which means it is hosted on more than one server. Each of those servers will auto-generate its own machine key.

If your web application is in a load-balanced scenario, then each machine in the web farm cannot decrypt a cookie encrypted by another, which gives the appearance of being "logged out". An example of this is logging in on web server A, then a subsequent request goes to web server B. Web server B does not share a machine key with web server A and cannot decrypt the cookie, so the user is sent back to the login page.

The solution is to define the machineKey in your web.config, so that each instance of IIS uses the same key, and so that you still have the same machine key even if the application pool is recycled.

Here is one that you can put in your web.config:

    <system.web>
      <machineKey validationKey="EBC1EF196CAC273717C9C96D69D8EF314793FCE2DBB98B261D0C7677C8C7760A3483DDE3B631BC42F7B98B4B13EFB17B97A122056862A92B4E7581F15F4B3551" decryptionKey="5740E6E6A968C76C82BB465275E8C6C9CE08E698CE59A60B0BEB2AA2DA1B9AB3" validation="SHA1" decryption="AES" />
    </system.web>

An additional consideration is that the expiration your code actually sets (120) does not match the timeout in your web.config (2880). You want both of them to match.
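The two causes described in the answer can be checked mechanically. The following is an added example, not code from the original post: a small Python audit that flags an auto-generated machineKey and a mismatch between the forms timeout and the ticket lifetime set in code, plus a generator for a fresh machineKey element so that a key published on a web page is never reused. The function names, the sample config and the `HMACSHA256` default (available from .NET 4; the post's sample uses SHA1) are assumptions of this example.

```python
import secrets
import xml.etree.ElementTree as ET

# Constructed sample: the question's settings, with no <machineKey> element.
SAMPLE_CONFIG = """<configuration><system.web>
  <authentication mode="Forms">
    <forms loginUrl="~/Home/Unauthorized" timeout="2880" />
  </authentication>
  <sessionState timeout="120" />
</system.web></configuration>"""


def new_machine_key(validation="HMACSHA256"):
    """Build a <machineKey> element with fresh random keys (hex-encoded)."""
    return ('<machineKey validationKey="%s" decryptionKey="%s" '
            'validation="%s" decryption="AES" />'
            % (secrets.token_hex(64).upper(),   # 64-byte validation key
               secrets.token_hex(32).upper(),   # 32-byte AES-256 key
               validation))


def audit_web_config(xml_text, ticket_minutes):
    """Return the unexpected-logout causes from the answer that apply.

    ticket_minutes is the lifetime the login code gives the ticket
    (the AddMinutes(...) argument in the question).
    """
    web = ET.fromstring(xml_text).find("system.web")
    findings = []
    key = web.find("machineKey")
    # An absent element or attribute means the IIS default, "AutoGenerate".
    keys = [] if key is None else [key.get("validationKey", "AutoGenerate"),
                                   key.get("decryptionKey", "AutoGenerate")]
    if key is None or any(k.startswith("AutoGenerate") for k in keys):
        findings.append("machineKey is auto-generated: tickets stop decrypting "
                        "after an app pool recycle or on another farm node")
    forms = web.find("authentication/forms")
    # The forms timeout defaults to 30 minutes when not specified.
    if forms is not None and int(forms.get("timeout", "30")) != ticket_minutes:
        findings.append("forms timeout %s != ticket lifetime %d minutes"
                        % (forms.get("timeout"), ticket_minutes))
    return findings


if __name__ == "__main__":
    for finding in audit_web_config(SAMPLE_CONFIG, ticket_minutes=120):
        print("FINDING:", finding)
    print(new_machine_key())
```

Every node of a web farm must receive the same generated element, and it should be stored like any other secret, since anyone holding the keys can mint valid tickets.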
