0

I recently deployed my asp.net core mvc web app (.NET 4.6.1) to a shared hosting server. The following is what I used to set the session cookie parameters:

        services.AddIdentity<ApplicationUser, IdentityRole>(config =>
        {
            config.Cookies.ApplicationCookie.LoginPath = "/login";
            config.Cookies.ApplicationCookie.CookieName = "MyCookie";
            config.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromHours(1.0);
            config.Cookies.ApplicationCookie.SlidingExpiration = true;
        }

However, I notice that:

1) When opening chrome developer tools, the 'Expires/Max Age' column shows "Session" for my auth cookie compared to the actual timeout value (which I set to be 1 hour).

2) After a few minutes, I get logged off on my hosted website automatically (even though session is set to expire for 1 hour). - This problem still exists

Can you please let me know what I am doing wrong, or if I am missing anything?

EDIT:

I also have another session but that's just used to keep lightweight data about the client.

        services.AddMemoryCache();

        services.AddSession(options => {
            options.CookieName = "myOtherCookie";
            options.IdleTimeout = TimeSpan.FromDays(1.0);
        });

My sign-in code:

var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, true, lockoutOnFailure: true);

Snippet of my Configure Method:

    app.UseStaticFiles();

    app.UseIdentity();

    app.UseSession();

    app.UseMvc(
        routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        }
    );

Many thanks

Terry

terry96
  • 93
  • 2
  • 7
  • you can check this https://stackoverflow.com/a/34981457/3089009 – hasan Jun 12 '17 at 14:12
  • Hi hasan, thanks for the comment. I made the isPersistent parameter true, and now it does show me the expiry date which is 1 hour later. However, its weird that my website still logs me off after a while, and when I check developer tools my auth cookie is still there with the expiry time! Am I missing any options? – terry96 Jun 12 '17 at 20:32
  • can you add your sign in code here – hasan Jun 12 '17 at 20:37
  • Hi hasan, thanks for prompt reply. I have updated my code to reflect the sign in code, and also the fact that I am using another session to store lightweight data about client. – terry96 Jun 12 '17 at 20:41
  • I have, also added a snippet of my Configure method, just to show the order in which I am calling the methods in there. – terry96 Jun 12 '17 at 20:52
  • Did you ever solve this problem? I can't believe MS doesn't provide any examples of how to make an authentication cookie persistent. – Scott Wilson Feb 25 '21 at 18:42

0 Answers0