ASP.NET Core Identity session expires sooner than it is configured to happen

Question

So in my application I've configured the identity as:

services.ConfigureApplicationCookie(cfg =>
            {
                cfg.Cookie.Name = "application_ms_state";
                cfg.Cookie.Expiration = TimeSpan.FromDays(1);
                cfg.SlidingExpiration = true;
            });

but the expiration happens in almost 20 minutes.could anyone shed some light on this?

Maybe this will help: https://stackoverflow.com/questions/37086645/how-to-set-asp-net-identity-cookies-expires-time — Anthony McGrath, Sep 12 '17 at 04:29
I already use signInManager.SignInAsync directly with `IsPersistent = true` but still no luck! — Behnam Esmaili, Sep 12 '17 at 04:53
What do you have for ExpireTimeSpan set up in Startup.cs? (Mentioned in linked post) — Anthony McGrath, Sep 12 '17 at 04:58
i am using identity 2.0.0 and it is configured the other way as i posted in question.in v 2.0.0 it's `cfg.Cookie.Expiration` — Behnam Esmaili, Sep 12 '17 at 05:02
What about directly adding IsPersistent = true to the services.ConfigureApplicationCookie(cfg => method you mentioned above? — Anthony McGrath, Sep 12 '17 at 05:06
there is no such an option in CookieAuhenticationOption and its not rational to be one either. — Behnam Esmaili, Sep 12 '17 at 05:16
`ExpireTimeSpan` is renamed to `Expiration` in version 2.0.0. — Behnam Esmaili, Sep 12 '17 at 06:01
The browser isn't being closed or the server restarted is it? — Tratcher, Sep 12 '17 at 12:30

score 4 · Answer 1 · answered Sep 14 '17 at 15:32

After days of searching thanks to guys behind this answer i figured out that the problem is ,identity checks every 30 minutes (by default, its configurable) to see if issued authentication ticked is valid, consequently it checks to see if the class which is implementing UserStore<> is implementing IUserSecurityStampStore (UserManager.SupportsUserSecurityStamp) for that matter. As my MembershipService class which is implementing IUserStroe does not implement IUserSecurityStampStore<> thus after 30 min interval i end up with invalid security stamp and a null principal which == SignOut.

check this github issue to get a reference for mentioned code snippets.

score 1 · Accepted Answer · answered Sep 13 '17 at 10:32

1

Read the doc comments. https://github.com/aspnet/Security/blob/a53bf093a7d86b35e019c80515c92d7626982325/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs#L147 ExpiresTimeSpan and Expiration control different things. ExpiresTimeSpan is the one used for sliding expiration.

answered Sep 13 '17 at 10:32

Tratcher

5,929
34
44

i applied `ExpiresTimeSpan` and waiting for the result.i'll mark u as answer after 40 mins or so if i didn't log out after that time span :D. – Behnam Esmaili Sep 13 '17 at 11:54
i mark you as answer because it's more likely to be the common problem but posting my own answer for those who just in case face similar problem.thanks in advance for sticking to problem. – Behnam Esmaili Sep 14 '17 at 15:40

ASP.NET Core Identity session expires sooner than it is configured to happen

2 Answers2