How to invalidate .AspNet.ApplicationCookie after Adding user to Role using Asp.Net Identity 2?

Question

I have 2 questions related to that:

1) I need to invalidate.AspNet.ApplicationCookie after Adding / Removing some remote user to Role using Asp.Net Iden

Answer 1

If you want to change the security stamp after adding to a role use this:

UserManager.UpdateSecurityStampAsync(User.Id)

And don't set validateInterval to TimeSpan.FromSeconds(0) - this basically means database will be hit every on request. Set it to something like 10 minutes.

Just last night I've blogged about CookieAuthenticationProvider and how it invalidates the cookie. Basically the cookie contains information about time it was created. If it is older than validateInterval, then reach to database, get user record and compare security stamps in cookie and in the DB. If stamp not changed, issue a new cookie with new issue date. If stamps don't match, invalidate the cookie and log-out user.