Without further ado, here is the code.
This is the code that runs during authentication:
```csharp
if (FormsAuthentication.SlidingExpiration)
{
    ticket = FormsAuthentication.RenewTicketIfOld(tOld);
}
```
```csharp
public static FormsAuthenticationTicket RenewTicketIfOld(FormsAuthenticationTicket tOld)
{
    if (tOld == null)
    {
        return null;
    }
    DateTime now = DateTime.Now;
    TimeSpan span = (TimeSpan) (now - tOld.IssueDate);    // time elapsed since the ticket was issued
    TimeSpan span2 = (TimeSpan) (tOld.Expiration - now);  // time remaining until the ticket expires
    if (span2 > span)
    {
        // Less than half of the lifetime has been used: keep the old ticket.
        return tOld;
    }
    // Past the halfway point: issue a new ticket with the same lifetime as the old one.
    return new FormsAuthenticationTicket(tOld.Version, tOld.Name, now, now + (tOld.Expiration - tOld.IssueDate), tOld.IsPersistent, tOld.UserData, tOld.CookiePath);
}
```
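As shown above, with the sliding expiration policy a new ticket is generated once half of the validity period has elapsed. So here is the problem: if the timeout was set to a long value when I first logged in, say 480 minutes, and it has since been changed to 1 minute for some other reason, am I still valid for those 480 minutes? Although this seems fairly harmless, heh.
Change it to the following?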
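```csharp
// FormsAuthentication.Timeout is a TimeSpan, so convert it to minutes before halving.
if (DateTime.Now.AddMinutes(FormsAuthentication.Timeout.TotalMinutes / 2) > tOld.Expiration)
{
    ticket = FormsAuthentication.RenewTicketIfOld(tOld);
}
```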
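The 480-minute case above, as an added example that is not code from the original post or from ASP.NET: a check that measures the ticket's age from `IssueDate` against the currently configured timeout, so a ticket issued under an older, longer setting is rejected and a renewal uses the current timeout instead of the old lifetime. `TicketPolicy` and `ApplyCurrentTimeout` are hypothetical names, the sample tickets are constructed, and the code assumes .NET Framework with a reference to System.Web.

```csharp
using System;
using System.Web.Security; // .NET Framework; reference System.Web.dll

// Hypothetical helper, not part of ASP.NET.
public static class TicketPolicy
{
    // Returns null when the ticket must be rejected, the same ticket when it is
    // still fresh, or a renewed ticket whose lifetime is the current timeout.
    public static FormsAuthenticationTicket ApplyCurrentTimeout(
        FormsAuthenticationTicket tOld, TimeSpan timeout, DateTime now)
    {
        if (tOld == null || tOld.Expiration <= now)
            return null;                 // missing, or expired by its own stamp

        TimeSpan age = now - tOld.IssueDate;
        if (age > timeout)
            return null;                 // older than the current policy allows

        if (age + age < timeout)
            return tOld;                 // under half of the current timeout used

        // Past the halfway point: slide, using the current timeout rather than
        // the lifetime baked into the old ticket (tOld.Expiration - tOld.IssueDate).
        return new FormsAuthenticationTicket(tOld.Version, tOld.Name, now,
            now + timeout, tOld.IsPersistent, tOld.UserData, tOld.CookiePath);
    }

    public static void Main()
    {
        DateTime now = DateTime.Now;
        TimeSpan current = TimeSpan.FromMinutes(1);  // timeout after the config change

        // Constructed sample: issued 10 minutes ago under the old 480-minute timeout.
        var legacy = new FormsAuthenticationTicket(2, "alice", now.AddMinutes(-10),
            now.AddMinutes(470), false, "", "/");
        // Constructed sample: issued 40 seconds ago under the 1-minute timeout.
        var recent = new FormsAuthenticationTicket(2, "alice", now.AddSeconds(-40),
            now.AddSeconds(20), false, "", "/");

        Console.WriteLine("legacy rejected: " + (ApplyCurrentTimeout(legacy, current, now) == null));
        var renewed = ApplyCurrentTimeout(recent, current, now);
        Console.WriteLine("renewed lifetime: " + (renewed.Expiration - renewed.IssueDate));
    }
}
```

A null result means the user has to log in again; any other result is the ticket to keep using for the request.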