How to keep user login in to system and logout only after user clicks on logout button?

Question

I am using custom implementation of microsoft asp.net identity because i have custom tables that is why i have given custom implementation of all my methods IUserStore a

Answer 1

Examine the settings of the forms element within the authentication element of your web.config file.

Note the default values for the two applicable settings.

1. timeout (default is 30 minutes)
2. slidingExpiration (True or False / default varines with .NET Framework version)

For your situation, you will probably want a timeout duration much higher than 30 minutes and a slidingExpiration value of True.

Answer 2

Session lifetime (how long until the session disappears) and authentication lifetime (how long until the user has to login again) are two separate and distinct timeframes.

If authentication lifetime is longer than session timeframe this means that a session will start with the user already authenticated (i.e. the user will not need to login to initiate a session).

If authentication lifetime is shorter than session timeframe this means a user will be forced to login before their session expires. I'm not certain whether the session is "refreshed" when the user reauthenticates (as a guess... probably).

Just setting very long expirations for session and authentication might not be a piratical production ready solution (i.e. there's lots of ways for sessions to "disappear").

Why do you care if the user's session disappears and then a new one is started (without the user having to login)? Without a bit more information about what you're intending I can't really understand the core of your question.