Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What is the default session expiry in .NET Core 2.x?

Tags:

c#

session

session-cookies

asp.net-core-2.0

In my startup class, I am enabling session storage with this line:

        services.AddDistributedMemoryCache()
        .AddSession(options =>
            {
                options.IdleTimeout = TimeSpan.FromMinutes(20);
                options.Cookie.HttpOnly = true;
            })

However, if I understand this correctly, setting the IdleTimeout property simply states that the session will begin anew if the user does not complete any actions for > 20 minutes. My app has polling which uses user information in the session storage every 5-10 seconds, so I don't think this would ever be of use here. User permissions and roles can change from actions made outside of the current user's browser, so I would like to limit the session storage to 1 minute. I can't seem to find any exact verbiage on what the default expiration is or how to properly set that.

The CookieBuilder class has Expiration and MaxAge options, but I don't know which one is necessary. I've also read that Expiration is ignored, so that adds even more to my confusion in this subject.

Update: I receive this message when I try to set the expiration: "Expiration cannot be set for the cookie defined by SessionOption", so I've set MaxAge to 1 minute, yet I can see that the session still has old user data in it after more than 1 minute has passed.

like image 684
Dinerdo Avatar asked May 01 '19 16:05

Dinerdo

Video Answer

1 Answers

Session does not have an 'expiration' like cookies do, but the default Idle Timeout is 20 minutes, and can be adjusted using the IdleTimeout option.

Session only expires after the idle timeout period has elapsed. Additionally, the idle timeout starts after the last request is received.

For your case, the session will not expire because you poll every 5 - 10 seconds (checking the session data). This polling is seen as a 'request' to the .net core, and resets the timeout.

You can verify this by disabling the polling, and creating a page with a button that checks the session data. Wait for a period of time (ex: 20 seconds), and click the button.

Make sure that you set the Idle Timeout to a low value:

options.IdleTimeout = TimeSpan.FromSeconds(10);

Here is a link to the Documentation on Session.

like image 70
Tony Abrams Avatar answered Oct 24 '22 12:10

Tony Abrams
Sign in to Comment

Related questions

Array of pointers in C++/CLI MSIL assembly
Is any ways to convert google protobuf message into json with indentation?
Is it safe/feasible to migrate to "new project system" (PackageReference) for .NET framework solutions containing ASP.NET projects?
How to do a RavenDB query over multiple (complex structure) fields and return the matched values?
Creating a Map Chart in VSTO PowerPoint
Using abstraction and dependency injection, what if implementation-specific details need to be configurable in the UI?
Why does the MinValue for an Int32 struct in C# have two minus signs infront of it?
Auto shuffle between windows forms every after 5 min
Visual Studio Code debugger doesn't stop at breakpoints
Why did my async with ContinueWith deadlock?
How to properly build MSI Setup Projects using Azure DevOps Pipelines?
Use Adaptive Cards Designer, then replace sample values with real ones in C#
How to collect all MethodDeclarationSyntax transitively with Roslyn?
Microsoft Graph The token contains no permissions, or permissions cannot be understood
Action doesn't create a cookie when its called by external API
How to Change ConnectionStrings at Runtime for a Web API
How to consume scoped service with dependency in a background task
How to fix No connection could be made because the target machine actively refused it 127.0.0.1:64527
Trying to make epaper dynamic using C# asp.net web form
Serilog in Azure Functions

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!