
Authentication session timeout

I am using the built-in Identity framework offered by the MVC template in VS2013 .NET Framework 4.5.1.

I am using the feature more or less out of the box. It has been working fine. Compared to other posts I have read, my web.config has:

<authentication mode="None" />

How do I set a timeout period for authenticated sessions, that is, after the user has logged in?

asked Apr 08 '15 03:04

Old Geezer


People also ask

What is an authentication timeout?

The Forms Authentication Timeout value sets the amount of time in minutes that the authentication cookie is set to be valid, meaning, that after value number of minutes, the cookie will expire and the user will no longer be authenticated—they will be redirected to the login page automatically.

What is the recommended session timeout?

“OWASP recommends application builders to implement short idle time outs (2-5 minutes) for applications that handle high-risk data, like financial information. It considers that longer idle time outs (15-30 minutes) are acceptable for low-risk applications.”

What causes session timeout?

If your Internet connection is unstable, periodically disconnecting and reconnecting, it can cause a website session to expire. When the Internet connection is lost the website connection can be terminated, resulting in a session expired message if you try to access any page after the Internet reconnects.

What is idle session timeout?

Idle Session Timeout. The Idle Session Timeout configures the time intervals that the management sessions can remain idle before they timeout and you must log in again to reestablish one of the following sessions: • HTTP Session Timeout.


1 Answer

If you are using Owin authentication, you should have something like this in your StartUp.cs file within the App_Start folder:

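using System;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

public void ConfigureAuth(IAppBuilder app)
{
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        // here you go: TimeSpan(long) takes ticks of 100 ns each,
        // so 60000000000 ticks is 6000 seconds, i.e. 100 minutes
        ExpireTimeSpan = new TimeSpan(60000000000)
    });
    app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
}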
answered Oct 06 '22 16:10

André Pena
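
An added example, not part of the answer above or of the MVC template: the same cookie middleware configured with an explicit idle timeout plus an absolute session cap, since with sliding expiration `ExpireTimeSpan` alone only limits inactivity. The timeout values and the `login_utc` property name are assumptions chosen for illustration, and `CookieSecureOption.Always` assumes the site is served only over HTTPS.

```csharp
using System;
using System.Globalization;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup
{
    // Assumed policy values and property name, chosen for illustration.
    private static readonly TimeSpan IdleTimeout = TimeSpan.FromMinutes(15);
    private static readonly TimeSpan AbsoluteTimeout = TimeSpan.FromHours(8);
    private const string LoginUtcKey = "login_utc";
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            ExpireTimeSpan = IdleTimeout,   // readable unit instead of raw ticks
            SlidingExpiration = true,       // activity renews the cookie (idle timeout)
            CookieSecure = CookieSecureOption.Always, // assumes an HTTPS-only site
            Provider = new CookieAuthenticationProvider
            {
                // Runs at sign-in only, not on sliding renewal: record the login time.
                OnResponseSignIn = context =>
                    context.Properties.Dictionary[LoginUtcKey] =
                        DateTimeOffset.UtcNow.ToString("o", CultureInfo.InvariantCulture),
                // Runs on every authenticated request: enforce the absolute cap.
                OnValidateIdentity = context =>
                {
                    string stamp; DateTimeOffset loginUtc;
                    bool valid =
                        context.Properties.Dictionary.TryGetValue(LoginUtcKey, out stamp)
                        && DateTimeOffset.TryParse(stamp, CultureInfo.InvariantCulture,
                               DateTimeStyles.None, out loginUtc)
                        && DateTimeOffset.UtcNow - loginUtc <= AbsoluteTimeout;
                    if (!valid)
                    {
                        // Missing, unparsable or too-old stamp: drop identity and cookie.
                        context.RejectIdentity();
                        context.OwinContext.Authentication.SignOut(context.Options.AuthenticationType);
                    }
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

Cookies issued before this change carry no `login_utc` entry, so their holders are signed out on their next request and must log in again.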