0
vlad created
I am trying to make sure that the session is expired after certain amount of time of inactivity. Currently, even if I restart IIS, the application keeps me logged in. I tried to change the provider for CookieAuthenticationOptions and set the expiration there (in Startup.cs):
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
ExpireTimeSpan = TimeSpan.FromMinutes(1),
SlidingExpiration = true,
Provider = new CookieAuthenticationProvider
{
OnResponseSignIn = signInContext =>
{
signInContext.Properties.ExpiresUtc = DateTime.UtcNow.Add(TimeSpan.FromMinutes(15));
}
}
});
But it still doesn't make an effect. How do I to make sure the user session is expired after a timeout?
Thanks, Vlad.
1 Answer(s)
-
0
Hi,
This is not related to ABP but AspNet. I have searched on the internet and found this issue <a class="postlink" href="https://github.com/aspnet/Security/issues/780">https://github.com/aspnet/Security/issues/780</a>.
It seems like you also need to set IssuedUtc as well.
Provider = new CookieAuthenticationProvider { OnResponseSignIn = signInContext => { signInContext.Properties.IssuedUtc = DateTime.UtcNow; signInContext.Properties.ExpiresUtc = DateTime.UtcNow.Add(TimeSpan.FromSeconds(60)); } }
Have an answer to this question?
Log in
and write your answer.