我一直试图找到一个明确的答案,为什么我看到这种行为.我正在使用Microsoft ASP.NET Identity模板项目来查看Identity,OWIN等的工作原理.我注意到每次我提出请求(去联系,管理等).我的AspNet.ApplicationCookie有一个不同的加密字符串(在Chrome或IE上使用开发人员工具时).起初我认为这可能是因为我没有对用户提出任何声明,但我尝试添加一些声明并仍然看到相同的行为.有谁见过/知道为什么？是否只是加密的cookie更改,因为OWIN中间件如何加密cookie？任何帮助是极大的赞赏.

我读了https://brockallen.com/2013/10/24/a-primer-on-owin-cookie-authentication-middleware-for-the-asp-net-developer/
和
http://tech.trailmax.info/2014/08/aspnet-identity-cookie-format/

但是我都没有真正理解为什么我会看到我所看到的行为.再次感谢大家.

更新：
这是我的startup.Auth.cs

 public void ConfigureAuth(IAppBuilder app)
    {

        // Configure the db context, user manager and signin manager to use a single instance per request
        app.CreatePerOwinContext(ApplicationDbContext.Create);
        app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
        app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

        // Enable the application to use a cookie to store information for the signed in user
        // and to use a cookie to temporarily store information about a user logging in with a third party login provider
        // Configure the sign in cookie
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {

            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            LogoutPath = new PathString("/Account/LogOff"),
            Provider = new CookieAuthenticationProvider
            {
                // Enables the application to validate the security stamp when the user logs in.
                // This is a security feature which is used when you change a password or add an external login to your account.  
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(0),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            },
        });            
        //app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        // these two lines of code are needed if you are using any of the external authentication middleware
        app.Properties["Microsoft.Owin.Security.Constants.DefaultSignInAsAuthenticationType"] = "ExternalCookie";
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = "ExternalCookie",
            AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Passive,
        });

        // Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
        app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));

        // Enables the application to remember the second login verification factor such as phone or email.
        // Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
        // This is similar to the RememberMe option when you log in.
        app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
}

最佳答案 您的问题与validateInterval：TimeSpan.FromMinutes(0)一致,在这里您有效地说“在每个请求上重新生成cookie” – 这是在更改安全戳时全局cookie失效.

将validateInterval设置为几分钟 – 您不会在每个请求上使cookie无效,只有每隔几分钟就会设置它.