Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

ASP .NET Core Cookie Authentication expiration changes from timestamp to "Session" upon return

Tags:

asp.net

asp.net-core

asp.net-core-mvc

I am using ASP .NET Core RC1 with Facebook-authentication and silding window cookie expiration set up like this:

app.UseIdentity();
app.UseFacebookAuthentication();

and

services.AddIdentity<ApplicationUser, IdentityRole>((options =>
{
    options.Cookies.ApplicationCookie.CookieName = "myauthcookie";
    options.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromDays(5);
    options.Cookies.ApplicationCookie.SlidingExpiration = true;
}))
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();

This works fine when the user first logs in - the cookie expiration is set correctly. However, when the user returns to the page, the expiration of the cookie is set to "Session", so in practice the user has to re-authenticate every other visit.

Why is this happening? Have I not configured it correctly?

Update: I have now done some testing without SlidingExpiration, and the issue remains the same. Upon returning to the page, the expiration of the cookie is changed to "Session". I am using Chrome.

Also, I am not running on https. Might this be a factor?

like image 829
severin Avatar asked Apr 11 '16 21:04

severin

1 Answers

Short Answer

Set isPersistent: true when calling SignInManager.ExternalLoginSignInAsync.

Details

In the ASP.NET Core Web Application template, the AccountController.ExternalLoginCallback method contains this code:

_signInManager.ExternalLoginSignInAsync(
    info.LoginProvider, 
    info.ProviderKey, 
    isPersistent: true);     <------ set a persistent cookie.

If we set isPersistent: true when calling ExternalLoginSignInAsync , this startup configuration...

services.AddIdentity<ApplicationUser, IdentityRole>(options =>
    {
        options.Cookies.ApplicationCookie.CookieName = "MyApplicationCookie";
        options.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromDays(5);
        options.Cookies.ApplicationCookie.SlidingExpiration = true;
    })
    .AddEntityFrameworkStores<ApplicationDbContext>()
    .AddDefaultTokenProviders();

...results in this application cookie...

MyApplicationCookie is persistent.

...which persists across browser sessions.

like image 78
Shaun Luttin Avatar answered Oct 05 '22 07:10

Shaun Luttin
Sign in to Comment

Related questions

What does a Visual Studio 2013 Project makes it a katana Project?
Different user types in ASP.Net Identity 2.0
ASP.NET Injecting DbContext into Identity UserManager
Authentication failed error when calling web method using $.ajax
How to post webform with file to webmethod using Jquery/Ajax?
How to login with "username" instead of "email address" in ASP.Net Web Forms Identity
How to create InstanceDescriptor for List of enum?
Insert new/Update existing record with one to many relationship
Windows Authentication support in ASP.NET 5 beta 8
HttpWebRequest Port Exhaustion
oauth token sharing multiple applications
Using Kentor.AuthServices.StubIdp as production IDP
ASP.NET Web API application returns HTTP 500 for non existant routes with TransferRequestHandler enabled
Accessing nested properties in a Kentico custom object macro method
Dependency Injection in the ASP.NET 5 and Object Dispose
Displaying JSON data acquired from a WebRequest in ASP.NET 5 using MVC 6
what is the C# compiler option for specifying the version of .net framework
How to display the LoggerFactory log console in ASP.NET Core 1.0 for a web app?
Filtering Out Properties in an ASP.NET Core API
should I include .vs folder in the .gitingore file?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!