
IdentityServer4 automatically logout after 30 minutes

I have IdentityServer4 with Angular. Every 5 minutes the token is silently refreshed. But after 30 minutes the user is automatically logged out. I tried to set the cookie lifetime somehow, without any success.

This is my current configuration:

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddDbContext<AppIdentityDbContext>(options => options.UseSqlServer(Configuration.GetConnectionString("Identity")));

        services.AddIdentity<AppUser, IdentityRole>(options =>
            {
                options.Password.RequiredLength = 6;
                options.Password.RequireLowercase = false;
                options.Password.RequireUppercase = false;
                options.Password.RequireNonAlphanumeric = false;
                options.Password.RequireDigit = false;
                options.SignIn.RequireConfirmedEmail = true;
                options.User.RequireUniqueEmail = true;
                options.User.AllowedUserNameCharacters = null;
            })
            .AddEntityFrameworkStores<AppIdentityDbContext>()
            .AddDefaultTokenProviders();

        services.AddIdentityServer(options => options.Authentication.CookieLifetime = TimeSpan.FromHours(10))
            .AddDeveloperSigningCredential()
            .AddInMemoryPersistedGrants()
            .AddInMemoryIdentityResources(Config.GetIdentityResources())
            .AddInMemoryApiResources(Config.GetApiResources())
            .AddInMemoryClients(Config.GetClients(Configuration["AppUrls:ClientUrl"]))
            .AddAspNetIdentity<AppUser>();

        services.AddTransient<IProfileService, IdentityClaimsProfileService>();

        services.AddCors(options => options.AddPolicy("AllowAll", p => p.AllowAnyOrigin()
           .AllowAnyMethod()
           .AllowAnyHeader()));

        services.AddRazorPages().AddRazorRuntimeCompilation();
    }

@EDIT

If I add

    services.Configure<SecurityStampValidatorOptions>(options =>
    {
        options.ValidationInterval = TimeSpan.FromHours(24);
    });

then it works fine, but I bet this is not the correct solution for my issue.


@EDIT2

I found this https://github.com/IdentityModel/oidc-client-js/issues/911#issuecomment-617724445 and it helped me, but I'm still not sure whether it is the proper way to solve it or just another hack.

DiPix asked May 25 '20 10:05



2 Answers

As far as I know, this is neither an IdentityServer4 nor an OpenID Connect issue.

It is the logic of ASP.NET Identity cookies. This should be configurable in Startup.cs.

You need to add the following cookie configuration:

    services.ConfigureApplicationCookie(o =>
    {
        o.ExpireTimeSpan = TimeSpan.FromHours(24);
        o.SlidingExpiration = true;
    });

This answer is inspired by the following answers:

  • Why doesn't cookie ExpireTimeSpan setting work?
  • ASP.NET Identity Session Timeout
  • Why does my IdentityServer4 based server timeout in 30 minutes and only support SSO in the first 30 minutes?
Maytham answered Nov 15 '22 00:11


I found the solution. I was using

    await HttpContext.SignInAsync(user.Id, user.UserName, props);

to sign in the user, and it caused the problem.

After changing to:

    var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberLogin, lockoutOnFailure: true);

it started working properly.

DiPix answered Nov 15 '22 01:11
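
An added example, not code from the question or either answer: ASP.NET Core Identity re-checks the cookie's security stamp claim every `ValidationInterval` (30 minutes by default) and rejects a principal that fails the check, which is consistent with both the `ValidationInterval` workaround and the `PasswordSignInAsync` fix above. The sketch below keeps that validation in place and logs cookies issued without the claim; the class and method names are hypothetical.

```csharp
using System;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

// Hypothetical helper (not from the page). Call it in ConfigureServices
// after AddIdentity(...) so Identity's cookie scheme is already registered.
public static class SecurityStampDiagnostics
{
    public static IServiceCollection AddSecurityStampDiagnostics(this IServiceCollection services)
    {
        services.ConfigureApplicationCookie(o =>
        {
            // Cookie lifetime settings from the first answer.
            o.ExpireTimeSpan = TimeSpan.FromHours(24);
            o.SlidingExpiration = true;

            o.Events ??= new CookieAuthenticationEvents();
            o.Events.OnValidatePrincipal = async context =>
            {
                var sp = context.HttpContext.RequestServices;
                var stampClaimType = sp.GetRequiredService<IOptions<IdentityOptions>>()
                    .Value.ClaimsIdentity.SecurityStampClaimType;

                // When the user store supports security stamps, a cookie with no
                // stamp claim cannot pass the periodic check, so flag it on the
                // first request instead of discovering it at the sign-out.
                if (context.Principal?.FindFirst(stampClaimType) == null)
                {
                    sp.GetRequiredService<ILoggerFactory>()
                        .CreateLogger("SecurityStampDiagnostics")
                        .LogWarning("Cookie for {User} has no {ClaimType} claim; it will be rejected at the next security stamp validation.",
                            context.Principal?.Identity?.Name ?? "(unknown)", stampClaimType);
                }

                // Keep Identity's own validation; do not replace it.
                await SecurityStampValidator.ValidatePrincipalAsync(context);
            };
        });
        return services;
    }
}
```

Leaving `ValidationInterval` at its default keeps security stamp changes, such as a password change, taking effect on existing sessions within 30 minutes; raising it to 24 hours delays that by the same amount.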