Environment: ASP.NET Core 2.0, Identity with cookies.
In Startup.ConfigureServices()
there is this:
services.ConfigureApplicationCookie(options => {
options.ExpireTimeSpan = TimeSpan.FromDays(14);
options.Cookie.Expiration = TimeSpan.FromDays(14);
});
The first is from CookieAuthenticationOptions
. The second is from CookieBuilder
. The docs also mention Microsoft.AspNetCore.Http.CookieOptions.Expires
(though it's not available in that lambda).
What is the difference between these? What is the correct way to set an expiry time in Core2?
The following is what I am using to set the expiry for the cookie in a test application that I use.
public class Startup
{
...
// This method gets called by the runtime. Use this method to add services to the container
public void ConfigureServices(IServiceCollection services)
{
// Add framework services.
...
... // before services.AddMvc();!
services.AddAuthentication().AddCookie(options => {
options.Cookie.Expiration = TimeSpan.FromDays(14);
options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict;
options.Cookie.Name = "MyCookieName";
options.LoginPath = "/Account/Login";
options.AccessDeniedPath = "/Account/Forbidden";
});
// OR Perhaps, this could be what you need
services.ConfigureApplicationCookie(options =>
{
options.Cookie.Expiration = TimeSpan.FromDays(150);
options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict;
options.Cookie.Name = "MyCookieName";
options.LoginPath = "/Account/Login";
options.AccessDeniedPath = "/Account/Forbidden";
});
...
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
... // before app.UseMvc();!
app.UseAuthentication();
// WAS -> app.UseCookieAuthentication();
...
}
...
}
I think this should get you going in the right direction.
This works for me, and I haven't noticed any issues yet. Although, it's only been a couple of weeks since the Core 2.0 RTM. :)
Hope this helps.
This code workds for me. Only second block changes cookie expiration
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
// Cookie settings
options.Cookie.HttpOnly = true;
options.Cookie.SameSite = SameSiteMode.Strict;
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
options.LoginPath = "/Account/Login";
options.LogoutPath = "/Account/Logout";
options.AccessDeniedPath = "/Account/AccessDenied";
});
services.ConfigureApplicationCookie(options =>
{
// Cookie settings, only this changes expiration
options.Cookie.HttpOnly = true;
options.Cookie.Expiration = TimeSpan.FromDays(150);
options.ExpireTimeSpan = TimeSpan.FromDays(150);
});
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With