Cookie Authentication expiring too soon in ASP.NET Core
I have a ASP.NET Core 1.1.2 project in which I am using cookie authentication. I am having a problem where users are being prompted to log back in after being idle for an h
-
Do you have services.AddIdentity set up in your ConfigureServices method?
services.AddIdentity<ApplicationUser, IdentityRole>(config => { // Require a confirmed email in order to log in config.SignIn.RequireConfirmedEmail = true; // Cookie settings config.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromHours(10); config.Cookies.ApplicationCookie.LoginPath = "/Account/LogIn"; config.Cookies.ApplicationCookie.LogoutPath = "/Account/LogOut"; }).AddEntityFrameworkStores<ApplicationDbContext>().AddDefaultTokenProviders();I had a similar issue and resolved it here ASP.NET MVC Core Identity & Cookies
讨论(0) -
users are being prompted to log back in after being idle for an hour or less, and loosing work.
I have similar configuration, but it works fine for me.
One thing I can think of is you cannot let web server idle for 20 minutes. IIS's app pool default idle time-out is 20 minutes (I could not say for other Linux web server).
So you could either set longer app pool time-out (0 for infinity), or ping every 5 minutes from external service like Monitis.
讨论(0) -
I know that is too late for answering this question, but for whom facing this. The IIS reset pool every 20 minutes and every 20 mins ASP.NET generate new key for protect cookie values (Authentication and Session). to prevent this, add following code to
ConfigureServicesinStartupclassservices.AddDataProtection() .PersistKeysToFileSystem(new System.IO.DirectoryInfo("SOME WHERE IN STORAGE")) //.ProtectKeysWithCertificate(new X509Certificate2()); .SetDefaultKeyLifetime(TimeSpan.FromDays(90));A complete guide is here. It is all about
DataProtection讨论(0)
加载中...
- 热议问题