asp.net core cookies认证过期时间
2021-03-05 09:29
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme) .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, option => { //系统默认无指定 Authorize 跳转登录 option.LoginPath = new PathString("/Login"); //设置登陆失败或者未登录授权的情况下,直接跳转的路径这里 option.AccessDeniedPath = new PathString("/Error/Forbidden"); //没有权限时的跳转页面 //设置cookie只读情况 option.Cookie.HttpOnly = true; //cookie过期时间 //option.Cookie.Expiration = TimeSpan.FromSeconds(10);//此属性已经过期忽略,使用下面的设置 option.ExpireTimeSpan = new TimeSpan(1, 0, 0);//默认14天 });
app.UseAuthentication(); app.UseAuthorization();
具体微软链接:
https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.authentication.cookies.cookieauthenticationoptions.cookie?view=aspnetcore-3.0
determines if the browser should allow the cookie to be accessed by client-side javascript. The default is true, which means the cookie will only be passed to http requests and is not made available to script on the page.
is currently ignored. Use ExpireTimeSpan to control lifetime of cookie authentication.
参考文档:
https://docs.microsoft.com/en-us/aspnet/core/security/authentication/cookie?tabs=aspnetcore2x&view=aspnetcore-3.0