CODEWITHSUNDEEP
asp.net-mvcentity-frameworkauthenticationlogout
HerGiz
HerGiz

Reputation: 967

MVC 5 Logout timeout

Users are asked to login every 20 min or so.

One of those situations where don't know where to look. I'm using C# MVC 5 IdentityFramework 1.0.0

I want to make timeout time to 4 hours.

Till now I have tried in web.config:

<system.web>
  <sessionState timeout="2880"></sessionState>
      <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="2880" />
  </authentication>
</system.web>

and in Startup.Auth.sc:

app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            ExpireTimeSpan = TimeSpan.FromHours(4),
            CookieSecure = CookieSecureOption.Never,
            CookieHttpOnly = false,
            SlidingExpiration = true,
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login")
        });

What am I missing?

EDIT - SOLUTION

The solution is to put machineKey in web.config under system.web. Key generator can be found http://aspnetresources.com/tools/machineKey

I have also migrated to Identity 2.0 and kept these settings. Migrated using this blog as a guid: http://typecastexception.com/post/2014/07/13/ASPNET-Identity-20-Extending-Identity-Models-and-Using-Integer-Keys-Instead-of-Strings.aspx

Upvotes: 9

Views: 4138

Answers (2)

jailmi
jailmi

Reputation: 21

Does it happen even if you run the site locally? Take a look at this blog post describing a similar case.

The point from the blog post being:

...remember that Forms Authentication uses the computer’s machineKey to encrypt the Forms Authentication cookie. "Could the machine key be changing over time on my shared hosting server?", I wondered.

Before emailing them to ask, I looked at the documentation on MSDN for machineKey and discovered that there is an AutoGenerate mode that can be set to regenerate a new machineKey each time the host process for a web application starts up…after 20 minutes of inactivity! Ah ha!

Upvotes: 2

user2138919
user2138919

Reputation:

Make sure you do not have any background ajax activity as it affects session (SlidingExpiration is true by default). Also you have to manually delete old cookies after changing ExpireTimeStamp from default 14 days to smaller value.

Upvotes: 0

Related Questions