
Keep user logged in to ASP.NET 5 website for long time

I want users who select the "remember me" option to stay logged in to my website for a long time (e.g. 3 months, or until they clear cookies). Currently I have to log in again every 20 mins or so.

I'm using ASP.NET 5 / vNext / MVC 6 (beta 7). My website is based on the code Visual Studio makes as a template project. I know other questions ask a similar thing, but I don't see how it applies in the new ASP.NET.

I have this code in my Startup.ConfigureServices method, but it doesn't seem to have an effect:

    services.ConfigureIdentityApplicationCookie(options =>
    {              
        options.ExpireTimeSpan = TimeSpan.FromDays(90);
        options.SlidingExpiration = true;
        options.AutomaticAuthentication = true;
        options.LoginPath = new PathString("/Account/Login");
        options.LogoutPath = new PathString("/Account/LogOff");
    });

thanks

EDIT

Using Fiddler, the response from logging in contains this cookie data:

Response sent 642 bytes of Cookie data: Set-Cookie: .AspNet.Microsoft.AspNet.Identity.Application=CfDJ8P8cKnxL87ZMjh0duvm7eKbBbA_vf1ECr95KgPd4MNsKBj0_SljMLWLPNzNFIr4PQTG1ZjVyQ7cfFMEehcI5JZrOlVVHfZ_SD29jN1vdhsdUMPTysvhvo6RlnDHq5YwFdnTNqw-_ia4cGWk8Iw05PJHsQ0mws_e0DzWpX088kysJuU0LcNoyPA22nyMoGrK1RP1Bax_XwixdO6jLQx164lqRqVYi6ys3VVPJP0aLOg3w4CovxcAemgMQEhAcNUdP6Q0rnBmfBn7FZR_kNEgXoiMkNNgBDwUuVyiweU3fw5rzE-mmBPo2IYBJWRoaSzNLcUV5gSTpDT2n8IMh4nPlTzGrFIUgCpHDhpmXJJ3EneC5i-eVaLGeQG1FAIBZZ-oNlolwdkXi63bXpHuRME9cnYLTm3cDpfooXKq0_Rn7ls4lN-wCF5kGvz6ALruUaPWNERvcKlccix7o3B_-rj1q5yhn1bKO2vumArRaq-QpHb2djaN84IdFBOw1CSJLpeQKeP3qrdJD8-GYl6chvbJ4FbA; expires=Mon, 04 Jan 2016 10:40:35 GMT; path=/; httponly

You can see at the end the expire time is in 90 days, which is correct, yet it will still log me out in 20 mins or so.

Martin Richards asked Oct 06 '15 09:10


1 Answer

Maybe you have a key storage problem? Check your logs to see whether the cookie encryption keys are properly stored. If the app cannot persist keys, they will be regenerated after a restart, so all logins will be invalidated.

https://docs.microsoft.com/pl-pl/aspnet/core/security/data-protection/configuration/default-settings?view=aspnetcore-2.1

To enable the user profile on IIS, check the app pool settings. If you host on Windows 7, there is a mess in the default settings for app pools.

Shadow answered Nov 06 '22 02:11
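The failure mode described in the answer, as an added example that is not code from the question or the answer: a console program showing that a payload protected with in-memory keys cannot be read after a simulated restart, while one protected with a key ring persisted to disk can, regardless of the cookie's `expires` date. It assumes the ASP.NET Core `Microsoft.AspNetCore.DataProtection.Extensions` package from the linked documentation (not the beta 7 packages); the purpose string, payload and key directory are constructed for the demo.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;

static class KeyRingDemo
{
    // Hypothetical purpose string; the cookie middleware uses its own internally.
    const string Purpose = "Demo.AuthCookie";

    // Protects a payload with one provider instance, then tries to read it
    // with a freshly created instance, which models an app pool recycle.
    static bool SurvivesRestart(Func<IDataProtectionProvider> startApp)
    {
        // Constructed payload standing in for the authentication ticket.
        string ticket = startApp().CreateProtector(Purpose).Protect("user=alice");
        try
        {
            startApp().CreateProtector(Purpose).Unprotect(ticket);
            return true;
        }
        catch (CryptographicException)
        {
            // The key that encrypted the ticket no longer exists, so the
            // ticket is rejected and the user has to log in again.
            return false;
        }
    }

    static void Main()
    {
        // Constructed key directory; in production, use a location the
        // app pool identity can write to and that outlives restarts.
        var keyDir = new DirectoryInfo(
            Path.Combine(Path.GetTempPath(), "demo-keyring"));

        // Keys held only in memory: each "restart" generates a new key.
        bool ephemeral = SurvivesRestart(
            () => new EphemeralDataProtectionProvider());

        // Keys written to disk: the second instance reloads the same key ring.
        bool persisted = SurvivesRestart(
            () => DataProtectionProvider.Create(keyDir));

        Console.WriteLine($"in-memory keys survive restart: {ephemeral}");
        Console.WriteLine($"persisted keys survive restart: {persisted}");
    }
}
```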