更改ASP.NET会话状态cookie的过期时间

我建议您使用FormsAuthentication跟踪登录的用户。您可以使用持久的FormsAuthenticationCookie来实现您想要的。

或者如果您真的想使用会话状态,请尝试 this technique

public void Application_PostRequestHandlerExecute(object sender, EventArgs e)
{
    UpdateSessionCookieExpiration();
}

/// <summary>
/// Updates session cookie's expiry date to be the expiry date of the session.
/// </summary>
/// <remarks>
/// By default, the ASP.NET session cookie doesn't have an expiry date,
/// which means that the cookie gets cleared after the browser is closed (unless the
/// browser is set up to something like "Remember where you left off" setting).
/// By setting the expiry date, we can keep the session cookie even after
/// the browser is closed.
/// </remarks>
private void UpdateSessionCookieExpiration()
{
    var httpContext = HttpContext.Current;
    var sessionState = httpContext?.Session;

    if (sessionState == null) return;

    var sessionStateSection = ConfigurationManager.GetSection("system.web/sessionState") as SessionStateSection;
    var sessionCookie = httpContext.Response.Cookies[sessionStateSection?.CookieName ?? "ASP.NET_SessionId"];

    if (sessionCookie == null) return;

    sessionCookie.Expires = DateTime.Now.AddMinutes(sessionState.Timeout);
    sessionCookie.HttpOnly = true;
    sessionCookie.Value = sessionState.SessionID;
}

此代码可以插入 Global.asax.cs

猜测一下:也许在web.config中编辑session.configuration可以改变cookie的过期时间?你可以看看 here

我认为试图让会话长时间保持活动状态是错误的方法,并限制了您的可伸缩性。会话cookie指向服务器上由IIS维护的特定会话。一般来说,你 希望 会话在用户关闭浏览器后关闭,以便不占用非活动用户的所有可用服务器资源。您需要关闭离开用户的会话,并将资源提供给新到达的用户。这就是会话cookie过期的原因。

如果您想在用户关闭浏览器后保持某些用户状态,您可以随时查看 Profile . 或者,如果这是针对购物车之类的东西,您可以将您的购物车保存在数据库中,然后在用户再次登录时将其重新连接到用户。

汤姆的回答几乎对我有用,除了把cookie转换成一个变量并设置它的属性。我必须像这样直接设置对象的属性:

HttpContext.Current.Response.Cookies["ASP.NET_SessionId"].Expires = expiryDate;
HttpContext.Current.Response.Cookies["ASP.NET_SessionId"].HttpOnly = true;
HttpContext.Current.Response.Cookies["ASP.NET_SessionId"].Value = sessionState.SessionID;