Question

I've written a custom login script for my Forms Based Authentication SharePoint 2010 Server website, which allows my users to enter credentials for one of our products, and map them to a FBA user account. Using the code below I then log the user in.

System.IdentityModel.Tokens.SecurityToken token = SPSecurityContext.SecurityTokenForFormsAuthentication(new Uri(SPContext.Current.Web.Url), Membership.Providers["FBAMembershipProvider"].Name, Roles.Providers["FBARoleProvider"].Name, FBAUserName, FBAPassword);
SPFederationAuthenticationModule.Current.SetPrincipalAndWriteSessionToken(token);

I'm finding that the FedAuth cookie that SharePoint creates is being set to expire in only 10 hours (I logged in and the cookie was created at 16:45 Central, and it expires at 7:47am GMT).

Is there a way to increase the expiration to the fairly standard 30 days?

Also, using this code I was unable to find a way to allow a "keep me logged in" checkbox on my form, so the user is, I believe, always logged in, albeit for around 10 hours.

Any advice I can get would be appreciated.

Solution

Search for cookieHandler in the web.config of your web application, then add the persistentSessionLifetime property:

<cookieHandler mode="Custom" path="/" persistentSessionLifetime="1.0:0:0">

http://msdn.microsoft.com/en-us/library/microsoft.identitymodel.web.configuration.cookiehandlerelement.persistentsessionlifetime.aspx


It seems the property only has an effect on the regular cookie expiry time; SharePoint writes its own token lifetime in the FedAuth cookie value.

Try running this code in PowerShell (SharePoint Management Shell) to set the token lifetime.

$expire = 60*24*31 # 31 days, in minutes
Set-SPSecurityTokenServiceConfig -FormsTokenLifetime $expire
iisreset

Below is the code to get the token lifetime from the local cookie:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Xml;
using System.Net;
using System.Runtime.InteropServices;

namespace ConsoleApplication3
{
    class Program
    {
        static void Main(string[] args)
        {
            var cookie = GetCookie("http://ericinbj-dev").Replace(' ', '+').Substring(8);
            var decodedCookie = Decode(Convert.FromBase64String(cookie));
            var time = new DateTime(long.Parse(decodedCookie.Split(',')[1]));

            Console.WriteLine(time.AddYears(1600)); // don't know why, the time decoded from the cookie was 1600 years ago ...

            Console.Read();
        }

        internal static string Decode(byte[] token)
        {
            string decodedCookie = null;
            if (token != null)
            {
                using (XmlReader reader = XmlDictionaryReader.CreateTextReader(token, XmlDictionaryReaderQuotas.Max))
                {
                    using (XmlReader reader2 = XmlDictionaryReader.CreateDictionaryReader(reader))
                    {
                        if (reader2.IsStartElement("SP"))
                        {
                            decodedCookie = reader2.ReadElementContentAsString();
                        }
                    }
                }
            }

            return decodedCookie;

        }


        public static string GetCookie(string uri)
        {
            uint datasize = 8192 * 16;
            StringBuilder cookieData = new StringBuilder((int)datasize);
            if (!InternetGetCookieEx(uri.ToString(), null, cookieData, ref datasize, INTERNET_COOKIE_HTTPONLY, IntPtr.Zero))
            {
                if (datasize < 0) return null;           
                cookieData = new StringBuilder((int)datasize);
                if (!InternetGetCookieEx(uri.ToString(), null, cookieData, ref datasize, INTERNET_COOKIE_HTTPONLY, IntPtr.Zero))
                    return null;
            }

            return cookieData.ToString();
        }

        [DllImport("wininet.dll", SetLastError = true)]
        private static extern bool InternetGetCookieEx(string pchURL, string pchCookieName,
                       StringBuilder pchCookieData, ref System.UInt32 pcchCookieData,
                       int dwFlags, IntPtr lpReserved);

        private static int INTERNET_COOKIE_HTTPONLY = 0x00002000;
    }
}
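
An added example, not code from the original answer: the same decoding in Python, usable offline to check how long a FedAuth token lives after changing FormsTokenLifetime. It assumes the second comma-separated field is a Windows FILETIME (100 ns ticks since 1601-01-01 UTC), which matches the 1600-year offset seen above; `build_sample`, its field contents and `sharepoint.example` are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Assumption: the timestamp is a Windows FILETIME (100 ns ticks since 1601-01-01 UTC).
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def fedauth_expiry(cookie_value: str) -> datetime:
    """Return the expiry stored in a FedAuth value (the text after 'FedAuth=')."""
    # '+' in base64 is often turned into ' ' in transit; undo it as the answer's code does.
    raw = base64.b64decode(cookie_value.replace(" ", "+"), validate=True)
    if b"<!DOCTYPE" in raw.upper():
        raise ValueError("unexpected DTD in cookie payload")
    root = ET.fromstring(raw)
    if root.tag != "SP" or not root.text:
        raise ValueError("payload is not an <SP> element")
    fields = root.text.split(",")
    if len(fields) < 2 or not fields[1].isdigit():
        raise ValueError("no tick count in second field")
    return FILETIME_EPOCH + timedelta(microseconds=int(fields[1]) // 10)


def lifetime_exceeds(expiry: datetime, observed_at: datetime, limit: timedelta) -> bool:
    """True when the token outlives the session limit the site is meant to enforce."""
    return expiry - observed_at > limit


def build_sample(expiry: datetime) -> str:
    """Constructed test cookie: only the second field mirrors the layout used above."""
    ticks = (expiry - FILETIME_EPOCH) // timedelta(microseconds=1) * 10
    xml = f"<SP>constructed-user,{ticks},constructed-signature,http://sharepoint.example/</SP>"
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed observation time
    for days in (0, 31):
        exp = fedauth_expiry(build_sample(now + timedelta(days=days, hours=10)))
        print(exp.isoformat(), "over 10 h limit:", lifetime_exceeds(exp, now, timedelta(hours=10)))
```

A 31-day token stays valid for replay from any copied cookie for that whole period, so it is worth comparing the decoded expiry against the session limit you intend to allow.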

Other tips

You will need to use PowerShell to set the token lifetime of the security token service. The default lifetime is 10 hours. You can find more information at How to Set Forms Authentication Timeout?

License: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange