CookieAuthenticationOptions, ExpireTimeSpan does not work

Question

I have the following code:

    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            ExpireTimeSpan = System.TimeSpan.FromMinutes(1),
            LoginPath = new PathString("/Account/Login"),
            LogoutPath = new PathString("/Account/LogOff")
        });

But login session active more than 1 minute. Also, LogoutPath is not called when time is expired. Why?

Answer 1

It does expire.

Make sure you do not have any background ajax activity as it extends the session (SlidingExpiration is true by default).

Also I had to manually delete the old cookie after I changed ExpireTimeSpan from the default 14 days to a smaller value.

Answer 2

You must set IsPersistent to true otherwise you don't run code

    ClaimsIdentity claimsIdentity = new ClaimsIdentity(Claims, CookieAuthenticationDefaults.AuthenticationScheme);

                var authProperties = new AuthenticationProperties
                {
                    IsPersistent = true

                };

                await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(claimsIdentity), authProperties);