表单认证超时与sessionState超时(Forms authentication timeout vs sessionState timeout)

表单认证超时与sessionState超时(Forms authentication timeout vs sessionState timeout)

我有代码，我正在查看网站的会话超时。 在web.config中我遇到了这个代码。

<authentication mode="Forms"> <forms loginUrl="~/Auth/SignOn.aspx" timeout="40" slidingExpiration="true" /> </authentication> <sessionState timeout="30" />

有没有人知道一个人是否先于另一个，以及它们是如何不同的。 谢谢。

I have code that i am looking through regarding session time outs of the website. In the web.config i came across this code.

<authentication mode="Forms"> <forms loginUrl="~/Auth/SignOn.aspx" timeout="40" slidingExpiration="true" /> </authentication> <sessionState timeout="30" />

Does anyone know if one takes precedent over the other, and how they are different. Thanks.

最满意答案

他们是不同的东西 表单验证超时值设置认证cookie设置为有效的时间（以分钟为单位），这意味着，在分钟数之后，cookie将过期，用户将不再被认证 - 它们将被重定向到自动登录页面。 slidingExpiration=true值基本上是说，在每次请求完成后，定时器被复位，只要用户在超时值内提出请求，它们将继续被认证。 如果设置slidingExpiration=false ，则无论用户是否在超时值内发出请求，认证cookie将在value分钟后到期。

SessionState超时值设置会话状态提供者在特定会话中保存内存（或正在使用的任何后台存储，SQL Server，OutOfProc等）中的数据所需的时间。 例如，如果您使用示例中的值在Session中放置一个对象，则此数据将在30分钟后被删除。 用户仍然可以被认证，但会话中的数据可能不再存在。 每次请求后， Session Timeout值始终重置。

They are different things. The Forms Authentication Timeout value sets the amount of time in minutes that the authentication cookie is set to be valid, meaning, that after value number of minutes, the cookie will expire and the user will no longer be authenticated - they will be redirected to the login page automatically-. The slidingExpiration=true value is basically saying that after every request made, the timer is reset and as long as the user makes a request within the timeout value, they will continue to be authenticated. If you set slidingExpiration=false the authentication cookie will expire after value number of minutes regardless of whether the user makes a request within the timeout value or not.

The SessionState timeout value sets the amount of time a Session State provider is required to hold data in memory (or whatever backing store is being used, SQL Server, OutOfProc, etc) for a particular session. For example, if you put an object in Session using the value in your example, this data will be removed after 30 minutes. The user may still be authenticated but the data in the Session may no longer be present. The Session Timeout value is always reset after every request.