asp.net – 控制FormsAuthentication createPersistentCookie到

<system.web>
    <authentication mode="Forms">
          <forms timeout="20160"/>
    </authentication>
</system.web>

超时时间为几分钟.

此超时值与您是否创建持久性Cookie无关.它只是说如果没有明确终止cookie(FormsAuthentication.SignOut),它将在给定的时间段后自动过期.

换句话说,如果你这样做：

FormsAuthentication.SetAuthCookie(someMembershipName,false);

会导致Cookie到期时间：

>用户关闭浏览器,或
>达到超时.

相反如果你这样做：

FormsAuthentication.SetAuthCookie(someMembershipName,true);

将导致cookie只有到达超时时才到期.

HTH

编辑：

从MSDN开始：

超时属性描述如下：

Specifies the time,in integer
minutes,after which the cookie
expires. If the SlidingExpiration
attribute is true,the timeout
attribute is a sliding value,expiring
at the specified number of minutes
after the time that the last request
was received. To prevent compromised
performance,and to avoid multiple
browser warnings for users who have
cookie warnings turned on,the cookie
is updated when more than half of the
specified time has elapsed. This might
cause a loss of precision. The default
is “30” (30 minutes).

Note Under ASP.NET V1.1 persistent
cookies do not time out,regardless of
the setting of the timeout attribute.
However,as of ASP.NET V2.0,
persistent cookies do time out
according to the timeout attribute.

换句话说,此过期设置仅处理Forms Authentication cookie.

表单验证cookie是一个客户端cookie,它与您可能拥有的其他服务器端会话无关(即购物车).

该会话已过期,并显示以下设置：

<sessionstate 
      mode="inproc"
      cookieless="false" 
      timeout="20"