n framework 1.0/1.1, setting IsPersistent to true would set an expiration of 50 years to the cookie.
In version 2.0 it was changed so the expiration of the cookie matches
the form authentication timeout attribute. So you can set IsPersistent
to true but the cookie will always expire after the form authentication
timeout period.
Your code does the trick if you want long expiration period without modifying forms authentication timeout.
edit: I've downloaded your sample and replaced your cookie code with
FormsAuthentication.SetAuthCookie(model.UserName, true);
And it's working as expected: with two days configured as your form timeout, my cookie will expire in two days.
反编译之后发现,被其他方法调用
https://github.com/microsoft/referencesource/blob/master/System.Web/Security/FormsAuthentication.cs#L515
if (formsAuthenticationTicket.IsPersistent)
{
httpCookie.Expires = formsAuthenticationTicket.Expiration;
}
public DateTime Expires { get; set; }
public DateTime Expiration { get; }
If the FormsAuthenticationTicket is created using the FormsAuthenticationTicket(String, Boolean, Int32) constructor that does not supply a parameter for an expiration date and time, the Expiration property returns a value based on the current local date and time plus the value of the timeout parameter supplied to the constructor.
public FormsAuthenticationTicket (string name, bool isPersistent, int timeout);
If the FormsAuthenticationTicket was created using a constructor that takes an expiration parameter, the Expiration property returns the value supplied to the expiration parameter.
public FormsAuthenticationTicket (int version, string name, DateTime issueDate, DateTime expiration, bool isPersistent, string userData);
public FormsAuthenticationTicket (int version, string name, DateTime issueDate, DateTime expiration, bool isPersistent, string userData, string cookiePath);
Thanks for submitting an edit. It is only visible to you until it’s been
approved by trusted community members
Because you are manually creating the authentication cookie, the timeout value in your web.config is completely ignored. So I would recommend you having the same value:
var ticket = new FormsAuthenticationTicket(
1,
user.UserID,
DateTime.Now,
DateTime.Now.Add(FormsAuthentication.Timeout),
false,
"user,user1",
FormsAuthentication.FormsCookiePath
);
var encryptedTicket = FormsAuthentication.Encrypt(ticket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
{
HttpOnly = true,
Secure = FormsAuthentication.RequireSSL,
Path = FormsAuthentication.FormsCookiePath,
Domain = FormsAuthentication.CookieDomain
};
Response.AppendCookie(cookie);
