We're using MVC5.* + AJ1.*. In StartUp, we are using CookieAuthentication. I set the expireTimeSpan to 1 minute for testing purposes.
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    SlidingExpiration = true,
    ExpireTimeSpan = TimeSpan.FromMinutes(1)
});
The issue is that when a user's cookie expires, the application throws the error "AntiForgery.AbpAntiForgeryApiFilter - Empty or invalid anti forgery header token.", and the page is not redirected to the login page as expected.
And after that, if the user logs in again, he will get a cookie with an expiration time of 1969-12-31T23:59:59.000Z, which in effect makes the cookie never expire -- causing that user to never get automatically logged out. (Attachment: InfiniteExpirationDate.jpg)
Is there a way to log the user out when the ApplicationCookie expires rather than throwing an error? I tried to use abp.session.userId, but the value is always non-null.
1 Answer(s)
Hi @OriAssurant,
The user must be logged out after the error is thrown. Isn't that the case for you?
You can create an issue here https://github.com/aspnetzero/aspnet-zero/issues because this seems like an important problem.