B2C Web app session lifetime

I am using the B2C Portal to assign the values below. I assumed the web app session lifetime setting would effectively set the cookie expiration. But no matter what I do, it keeps coming back at two weeks. (Today is the 14th).


If I use the TicketReceived event to set context.Properties.ExpiresUtc then the value I set shows up in the cookie.

If web app session lifetime is not supposed to set the cookie, then what use is it? Regardless, I can't figure out where two weeks is coming from.

And as far as I can tell, the value below in Token Lifetimes sets the exp claim when it comes back. That seems to be just for JWTs.


Can someone shed some light on this?

TIA

Bill Noel asked Feb 05 '23 16:02


1 Answer

I was struggling with this as well a long time ago, here is my take on it:

Web app session timeout is used for the cookie at B2C, so if you log in to a second B2C-secured app, you don't need to re-login at B2C. This isn't the value you are looking for.

The token lifetime should be copied to your own environment. Check out some documentation about UseTokenLifetime.

Also read about it here:

https://github.com/aspnet/Security/issues/147

We believe the default of true is overall the safest: When using ASP.NET Identity, it will replace the cookie with its own cookie that has its own expiration rules. When OIDC is the primary authentication, the value of true is presumably what people want.

and some more info here: Microsoft.Owin.Security.OpenIdConnect with Azure Active Directory authentication ticket lifetime

code fragment:

```csharp
app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        // ... other options ...
        // Copy the token's expiry onto the authentication cookie (Katana default: true).
        UseTokenLifetime = true,
        // ... other options ...
    });
```
Erik Oppedijk answered Feb 07 '23 04:02
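As an added example, not part of the original question or answer: the ASP.NET Core equivalent of the Katana fragment above, wired so that it is visible which of the three places decides the cookie expiry (the cookie handler's own default, UseTokenLifetime, or setting ExpiresUtc in OnTicketReceived as the question did). The authority and client id are placeholders, and the class and method names are assumptions for illustration.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;

// Added example (hypothetical class name), not code from the original post.
public static class B2CAuthSetup
{
    public static void Configure(IServiceCollection services)
    {
        services.AddAuthentication(o =>
        {
            o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie(o =>
        {
            // The app's cookie handler, not the B2C portal, owns the browser session.
            // When nothing else sets ExpiresUtc, the handler applies ExpireTimeSpan,
            // whose default is 14 days (the "two weeks" in the question). Set it explicitly.
            o.ExpireTimeSpan = TimeSpan.FromHours(1);
            o.SlidingExpiration = true;
        })
        .AddOpenIdConnect(o =>
        {
            o.Authority = "https://<tenant>.b2clogin.com/<tenant>.onmicrosoft.com/<policy>/v2.0"; // placeholder
            o.ClientId = "<client-id>"; // placeholder
            o.ResponseType = "code";

            // Option A: copy the id_token's exp claim (the portal's Token Lifetimes value)
            // onto the cookie. This is the UseTokenLifetime setting from the answer;
            // its default is true in Katana but false in ASP.NET Core.
            o.UseTokenLifetime = true;

            // Option B (what the question did): set the expiry when the ticket arrives.
            // TicketReceived runs after option A has been applied, so a value set
            // here wins over both A and the cookie handler's default.
            o.Events = new OpenIdConnectEvents
            {
                OnTicketReceived = ctx =>
                {
                    ctx.Properties.ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(30);
                    ctx.Properties.IsPersistent = false;
                    return Task.CompletedTask;
                }
            };
        });
    }
}
```

Leave only one of A and B in real code; both are shown here so the precedence is clear.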