I use OWIN
for Form-authentication
for Single Page Application application developed using ASP.NET Web API and AngluarJS 1.5.8.
We have a load balancer and web farm which consists of 4 servers.
The problem is that user is logged off by ASP.NET before timeout
(30 minutes) automatically. I mean aspxauth
expires before 30 minutes.
I've read that this is necessary to have the same machineKey
at all nodes of web farm to prevent logoff. And I've created the same machine key, but problem of logoff still exists.
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="30" ticketCompatibilityMode="Framework40"
protection="All" />
</authentication>
<compilation targetFramework="4.5.1" />
<httpRuntime targetFramework="4.5.1" />
<sessionState mode="Off" />
<machineKey decryption="AES"
decryptionKey="123GHJKYUILM"
validationKey="0FDFFGFG456HGGHCFKL" />
</system.web>
What can be a reason of expiring aspxcookie
before timeout
(30 minutes)? I mean users become logged off.