
How IsPersistent works in OWIN Cookie authentication

It seems I don't clearly understand how IsPersistent in OWIN cookie authentication works. The code below uses IsPersistent:

    var context = Request.GetOwinContext();
    var authManager = context.Authentication;
    var properties = new AuthenticationProperties { IsPersistent = isPersistence };

    authManager.SignIn(properties, identity);

I don't see the difference when the user checks/unchecks Remember me (which uses IsPersistent behind the scenes), because if I close the Chrome browser and open it again to go to the website, the cookie .AspNet.ApplicationCookie is still there and it lets me in whether I check or uncheck Remember me.

I have checked the definition of IsPersistent on the link:

Gets or sets whether the authentication session is persisted across multiple requests.

But I don't get much understanding from it, since I see it still works.

The code to setup OWIN cookie authentication:

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationMode = AuthenticationMode.Active,
        AuthenticationType = ApplicationTypes.ApplicationCookie,
        ExpireTimeSpan = TimeSpan.FromMinutes(30),
        LoginPath = new PathString("/Account/LogOn")
    });

cuongle asked Aug 11 '15 15:08



2 Answers

Persistent cookies will be saved as files in the browser folders until they either expire or are manually deleted. This will cause the cookie to persist even if you close the browser.

If IsPersistent is set to false, the browser will acquire a session cookie, which gets cleared when the browser is closed.

Now the reason the session cookie won't clear after restarting the browser is because of Chrome's default settings. To fix it, go to Chrome settings -> Advanced, and uncheck "Continue running background apps when Google Chrome is closed" under the System section.

Hezye answered Oct 08 '22 19:10
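
As an added example (not part of either answer and not OWIN code), this Python check reads the Set-Cookie header of the login response instead of relying on what the browser does after a restart: the OWIN cookie middleware adds an expires attribute only when IsPersistent is true. The header strings, the NOW timestamp and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime


def cookie_lifetime(set_cookie, now):
    """Return (name, lifetime) for one Set-Cookie header value.

    lifetime is None for a session cookie (no Max-Age or Expires attribute),
    otherwise the timedelta the browser keeps the cookie after `now`.
    """
    pair, *attrs = [part.strip() for part in set_cookie.split(";")]
    name = pair.split("=", 1)[0]
    parsed = {}
    for attr in attrs:
        key, _, value = attr.partition("=")
        parsed[key.strip().lower()] = value.strip()
    if "max-age" in parsed:  # Max-Age takes precedence over Expires (RFC 6265)
        return name, timedelta(seconds=int(parsed["max-age"]))
    if "expires" in parsed:
        return name, parsedate_to_datetime(parsed["expires"]) - now
    return name, None


def audit_remember_me(unchecked, checked, now, max_persist):
    """Compare the login responses with "Remember me" off and on."""
    findings = []
    _, off = cookie_lifetime(unchecked, now)
    _, on = cookie_lifetime(checked, now)
    if off is not None:
        findings.append("unchecked login still sets a persistent cookie")
    if on is None:
        findings.append("checked login sets only a session cookie")
    elif on > max_persist:
        findings.append("persistent cookie outlives the allowed lifetime")
    return findings


# Constructed sample headers in the shape the OWIN cookie middleware emits;
# TICKET is a placeholder, not a real protected authentication ticket.
NOW = datetime(2015, 8, 11, 15, 8, tzinfo=timezone.utc)
SESSION = ".AspNet.ApplicationCookie=TICKET; path=/; HttpOnly"
PERSISTENT = (".AspNet.ApplicationCookie=TICKET; path=/; "
              "expires=Tue, 11-Aug-2015 15:38:00 GMT; HttpOnly")

if __name__ == "__main__":
    for header in (SESSION, PERSISTENT):
        print(cookie_lifetime(header, NOW))
    print(audit_remember_me(SESSION, PERSISTENT, NOW, timedelta(hours=24)))
```

A session cookie that survives a browser restart is a browser-side setting, so the header is the reliable place to confirm what the server asked for.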


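    // Members of the OWIN Startup class.
    // Requires: using System; using Microsoft.Owin.Security.Cookies; using Owin;
    public void Configuration(IAppBuilder app)
    {
        //Some Code
        app.UseCookieAuthentication(GetCookieAuthenticationOptions());
        //Some Code
    }

    private static CookieAuthenticationOptions GetCookieAuthenticationOptions()
    {
        // Object initializer: no semicolon between the constructor call and the braces
        var options = new CookieAuthenticationOptions
        {
            CookieName = "AuthCookie",  //Some cookie settings here
        };
        var provider = (CookieAuthenticationProvider)options.Provider;
        // Runs on every sign-in: always issue a persistent cookie that expires after 24 hours
        provider.OnResponseSignIn = (context) =>
        {
            context.Properties.IsPersistent = true;
            context.Properties.ExpiresUtc = DateTimeOffset.UtcNow.AddHours(24);
        };
        return options;
    }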

Balaji Gunasekaran answered Oct 08 '22 17:10