ASP.NET Core Authentication cookie does not expire

Asked Nov 14 '18 at 08:39

Active Jan 12 '19 at 20:33

Viewed 960 times

The cookie does not expire when deploying the application in IIS. When doing the testing using VS + IIS Express, everything works as expected. Please see setup above.

In Startup:

app.UseCookieAuthentication(new CookieAuthenticationOptions
 {
   AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme,
   AutomaticAuthenticate = true,
   ExpireTimeSpan = TimeSpan.FromMinutes(3),
   CookieSecure = env.IsDevelopment() ? CookieSecurePolicy.SameAsRequest : 
   CookieSecurePolicy.Always
 });

In Controller:

var principal = new ClaimsPrincipal(new ClaimsIdentity(GetUserClaims(claims, response.ContentObject.Jwt, username), CookieName));
await HttpContext.Authentication.SignInAsync(CookieName, principal);

edited Jan 12 '19 at 20:33

ekad

14,436
26
44
46

asked Nov 14 '18 at 08:39

Andrei S

This will helps you https://stackoverflow.com/questions/34979680/asp-net-core-mvc-setting-expiration-of-identity-cookie/34981457 – Hamza Haider Nov 14 '18 at 09:09
I am not using identity server. I am using only the authentication cookie. Which response would help? – Andrei S Nov 14 '18 at 12:51
1

How did you test the cookies expire? For `CookieAuthenticationOptions`, there is `SlidingExpiration` which default is true and to instruct the middleware to re-issue a new cookie with a new expiration time any time it processes a request which is more than halfway through the expiration window. I suggest you try set `SlidingExpiration` as false. – Edward Nov 15 '18 at 01:51

ASP.NET Core Authentication cookie does not expire

0 Answers0