What is the purpose of FormsAuthenticationTicket isPersistent property?

What is the purpose of FormsAuthenticationTicket isPersistent property?

n framework 1.0/1.1, setting IsPersistent to true would set an expiration of 50 years to the cookie.
In version 2.0 it was changed so the expiration of the cookie matches the form authentication timeout attribute. So you can set IsPersistent to true but the cookie will always expire after the form authentication timeout period.
Your code does the trick if you want long expiration period without modifying forms authentication timeout.

edit: I've downloaded your sample and replaced your cookie code with

 FormsAuthentication.SetAuthCookie(model.UserName, true);

And it's working as expected: with two days configured as your form timeout, my cookie will expire in two days.

 

反编译之后发现，被其他方法调用

https://github.com/microsoft/referencesource/blob/master/System.Web/Security/FormsAuthentication.cs#L515

if (formsAuthenticationTicket.IsPersistent)
            {
                httpCookie.Expires = formsAuthenticationTicket.Expiration;
            }

 

HttpCookie.Expires Property

public DateTime Expires { get; set; }

FormsAuthenticationTicket.Expiration Property

public DateTime Expiration { get; }

Remarks

If the FormsAuthenticationTicket is created using the FormsAuthenticationTicket(String, Boolean, Int32) constructor that does not supply a parameter for an expiration date and time, the Expiration property returns a value based on the current local date and time plus the value of the timeout parameter supplied to the constructor.

public FormsAuthenticationTicket (string name, bool isPersistent, int timeout);

If the FormsAuthenticationTicket was created using a constructor that takes an expiration parameter, the Expiration property returns the value supplied to the expiration parameter.

public FormsAuthenticationTicket (int version, string name, DateTime issueDate, DateTime expiration, bool isPersistent, string userData);
public FormsAuthenticationTicket (int version, string name, DateTime issueDate, DateTime expiration, bool isPersistent, string userData, string cookiePath);

 

FormsAuthenticationTicket.expiration v web.config value timeout

 

 

 

 

Thanks for submitting an edit. It is only visible to you until it’s been approved by trusted community members

Because you are manually creating the authentication cookie, the timeout value in your web.config is completely ignored. So I would recommend you having the same value:

var ticket = new FormsAuthenticationTicket(
    1,
    user.UserID,
    DateTime.Now,
    DateTime.Now.Add(FormsAuthentication.Timeout),
    false,
    "user,user1",
    FormsAuthentication.FormsCookiePath
);
var encryptedTicket = FormsAuthentication.Encrypt(ticket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
{
    HttpOnly = true,
    Secure = FormsAuthentication.RequireSSL,
    Path = FormsAuthentication.FormsCookiePath,
    Domain = FormsAuthentication.CookieDomain
};
Response.AppendCookie(cookie);

 

作者:Chuck Lu    GitHub