What is the purpose of FormsAuthenticationTicket isPersistent property?
What is the purpose of FormsAuthenticationTicket isPersistent property?
n framework 1.0/1.1, setting IsPersistent to true would set an expiration of 50 years to the cookie.
In version 2.0 it was changed so the expiration of the cookie matches 
the form authentication timeout attribute. So you can set IsPersistent 
to true but the cookie will always expire after the form authentication 
timeout period.
Your code does the trick if you want long expiration period without modifying forms authentication timeout.
edit: I've downloaded your sample and replaced your cookie code with
 FormsAuthentication.SetAuthCookie(model.UserName, true);And it's working as expected: with two days configured as your form timeout, my cookie will expire in two days.
反编译之后发现,被其他方法调用
if (formsAuthenticationTicket.IsPersistent) { httpCookie.Expires = formsAuthenticationTicket.Expiration; }

HttpCookie.Expires Property
public DateTime Expires { get; set; }FormsAuthenticationTicket.Expiration Property
public DateTime Expiration { get; }Remarks
If the FormsAuthenticationTicket is created using the FormsAuthenticationTicket(String, Boolean, Int32) constructor that does not supply a parameter for an expiration date and time, the Expiration property returns a value based on the current local date and time plus the value of the timeout parameter supplied to the constructor.
public FormsAuthenticationTicket (string name, bool isPersistent, int timeout);If the FormsAuthenticationTicket was created using a constructor that takes an expiration parameter, the Expiration property returns the value supplied to the expiration parameter.
public FormsAuthenticationTicket (int version, string name, DateTime issueDate, DateTime expiration, bool isPersistent, string userData);
public FormsAuthenticationTicket (int version, string name, DateTime issueDate, DateTime expiration, bool isPersistent, string userData, string cookiePath);
FormsAuthenticationTicket.expiration v web.config value timeout
Because you are manually creating the authentication cookie, the timeout value in your web.config is completely ignored. So I would recommend you having the same value:
var ticket = new FormsAuthenticationTicket(
    1,
    user.UserID,
    DateTime.Now,
    DateTime.Now.Add(FormsAuthentication.Timeout),
    false,
    "user,user1",
    FormsAuthentication.FormsCookiePath
);
var encryptedTicket = FormsAuthentication.Encrypt(ticket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
{
    HttpOnly = true,
    Secure = FormsAuthentication.RequireSSL,
    Path = FormsAuthentication.FormsCookiePath,
    Domain = FormsAuthentication.CookieDomain
};
Response.AppendCookie(cookie);
 
                    
                
 
                
            
         
         浙公网安备 33010602011771号
浙公网安备 33010602011771号