Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

MVC 5 Logout timeout

Users are asked to login every 20 min or so.

One of those situations where don't know where to look. I'm using C# MVC 5 IdentityFramework 1.0.0

I want to make timeout time to 4 hours.

Till now I have tried in web.config:

<system.web>
  <sessionState timeout="2880"></sessionState>
      <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="2880" />
  </authentication>
</system.web>

and in Startup.Auth.sc:

app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            ExpireTimeSpan = TimeSpan.FromHours(4),
            CookieSecure = CookieSecureOption.Never,
            CookieHttpOnly = false,
            SlidingExpiration = true,
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login")
        });

What am I missing?

EDIT - SOLUTION

The solution is to put machineKey in web.config under system.web. Key generator can be found http://aspnetresources.com/tools/machineKey

I have also migrated to Identity 2.0 and kept these settings. Migrated using this blog as a guid: http://typecastexception.com/post/2014/07/13/ASPNET-Identity-20-Extending-Identity-Models-and-Using-Integer-Keys-Instead-of-Strings.aspx

like image 325
HerGiz Avatar asked Jun 29 '14 18:06

HerGiz


People also ask

How can increase session timeout in ASP NET MVC 5?

Open the web. config file, then increase the value in minutes by using the time out attribute of SessionState element. By default, the session timeout value is 20 minutes. Also in your case if you are using forms authentication, please check the timeout value.

What is the default session timeout in MVC?

The default is 10 minutes.


1 Answers

Does it happen even if you run the site locally? Take a look at this blog post describing a similar case.

The point from the blog post being:

...remember that Forms Authentication uses the computer’s machineKey to encrypt the Forms Authentication cookie. "Could the machine key be changing over time on my shared hosting server?", I wondered.

Before emailing them to ask, I looked at the documentation on MSDN for machineKey and discovered that there is an AutoGenerate mode that can be set to regenerate a new machineKey each time the host process for a web application starts up…after 20 minutes of inactivity! Ah ha!

like image 178
jailmi Avatar answered Oct 22 '22 01:10

jailmi