- What is your product version? 8.6
- What is your product type (Angular or MVC)? MVC and Jquery
- What is product framework type (.net framework or .net core)? .Net core
Hello,
I have enabled the session timeout settings and set the value to 15minutes. After 15minutes of inactivity, I am redirected back to the login page. When I try to login again, I get an error and it says error detail not provided by the server. I get the following from the logs:
ERROR 2020-09-15 15:58:01,046 [60 ] spNetCore.Antiforgery.DefaultAntiforgery - An exception was thrown while deserializing the token.
Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery token could not be decrypted.
---> System.Security.Cryptography.CryptographicException: The key {b8f7b4e7-46d4-4309-8d00-f21ad7e8583d} was not found in the key ring.
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)
at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
--- End of inner exception stack trace ---
at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgeryTokenSerializer.Deserialize(String serializedToken)
at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.GetCookieTokenDoesNotThrow(HttpContext httpContext)
I have configured data protection as per Microsoft documentation available at https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/iis/?view=aspnetcore-3.1#data-protection and I see the key is being stored at %LOCALAPPDATA%/ASP.NET/DataProtection-Keys folder on the IIS server. I have alspo implemented Distributed SQL server cache (https://docs.microsoft.com/en-us/aspnet/core/performance/caching/distributed?view=aspnetcore-3.1#distributed-sql-server-cache) but error keeps on popping up.
Note that the issue happens intermittently and the error goes away if I refresh the browser and try to login again.
Is there a way that I can refresh the browser automatically when the user is logged out when his session times out?
Thanks Kirtee
2 Answer(s)
-
0
Hi, is there a way I can clear the cookie from the browser when the user is logged out on session timeout? Alternatively, what is the equivalent of Session.Abandon(); in ASP.Net Zero?
Thanks and Regards
-
0
Hi @ashvinu
The cookie must be deleted when the user is logged out. We are directly using ASP.NET's Identity. Could you check that ?
Alternatively, what is the equivalent of Session.Abandon(); in ASP.Net Zero?
You can use it as you do in a regular ASP.NET Core application, AspNet Zero doesn't have a special implementation.
