ASP.NET MVC 2.0, here's my auth code:
[AcceptVerbs(HttpVerbs.Post)]
public ActionResult Login(string username, string password, string returnUrl) {
if (ModelState.IsValid) {
// Attempt to login
var loginSuccessful = provider.ValidateUser(username, password);
if (loginSuccessful) {
FormsAuthentication.SetAuthCookie(username, true);
if (!String.IsNullOrEmpty(returnUrl))
return Redirect(returnUrl);
return RedirectToAction("Index", "Home");
}
}
return View(Language + "/Login", Vd);
}
Pretty much straight default authentication. Works fine for logging in. However, IE users get auto logged off randomly, even while they're 开发者_StackOverflowactive on the site. Other browsers work fine. Here's the forms auth from web.config:
<authentication mode="Forms">
<forms loginUrl="~/en/Account/Login" timeout="2880"/>
</authentication>
Where do I begin to look in this case? Have I found a bug?
As far as I can see everything seems fine, however, could your issue be something to do with your use of a persistent cookie? I think persistent cookies are not meant to timeout, which is why you might be using them.
Try using a non-persistent one instead, and see if that works:
FormsAuthentication.SetAuthCookie(username, false);
Also, a few others notes of interest:
- I think that the timeout attribute in a web.config is specified in minutes. You've specified more than 2000 minutes.
- By default, sliding expiration is disabled, so after n minutes it will timeout anyway. If this isn't what you want, then add a
slidingExpiration="true"
entry onto your<forms/>
element in the web.config.
What kind of session mode are you using-in process or out of process? If you are using in process with non-persistent cookie and the application pool recycles, then session is lost.
精彩评论