I am trying to make sure that the session is expired after certain amount of time of inactivity. Currently, even if I restart IIS, the application keeps me logged in. I tried to change the provider for CookieAuthenticationOptions and set the expiration there (in Startup.cs):
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
ExpireTimeSpan = TimeSpan.FromMinutes(1),
SlidingExpiration = true,
Provider = new CookieAuthenticationProvider
{
OnResponseSignIn = signInContext =>
{
signInContext.Properties.ExpiresUtc = DateTime.UtcNow.Add(TimeSpan.FromMinutes(15));
}
}
});
But it still doesn't make an effect. How do I to make sure the user session is expired after a timeout?
Thanks, Vlad.