Jack

Reputation: 1

Session timeout does not work in ASP.NET MVC

I have tried to use all the settings in web.config and the UseCookieAuthentication() method, as indicated in many topics on the web, as listed below:

Session timeout does not work ( is set in web.config )

How to set session timeout in web.config

mvc 5 session timeout after default period (20 mins)

However, trying to change the session timeout to 1 minute (for testing) with all the options in these configs or methods does not make any sense, and I am not sure where the mistake is. Here are the configs that I changed. Any idea how to fix the problem? I also need clarification on the best way to set the session timeout in an MVC application: in web.config or in the Auth classes?

web.config:

<system.web>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" executionTimeout="60" />

    <sessionState mode="InProc" timeout="1" />    

    <!-- For LDAP -->
    <httpCookies httpOnlyCookies="true" />
    <authentication mode="Forms">

        <!-- Note: I also remove this part and try with only "sessionState" -->
        <forms name=".ADAuthCookie" loginUrl="~/Account/Login" timeout="1" 
            slidingExpiration="false" protection="All" />
    </authentication>
</system.web>


Startup.Auth.cs:

public void ConfigureAuth(IAppBuilder app)
{
    // Code removed for brevity.

    // Configure the sign in cookie
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        Provider = new CookieAuthenticationProvider
        {
            // Enables the application to validate the security stamp when the user logs in.
            // This is a security feature which is used when you change a password or add an external login to your account.  
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                validateInterval: TimeSpan.FromMinutes(1),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        }
    });            
    app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

    app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(1));
    app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);        
}

Upvotes: 1

Views: 4463

Answers (1)

Murat Yıldız

Reputation: 12032

If you use ASP.NET Identity you do not need to use settings in web.config. Just add these two lines to your UseCookieAuthentication() method as shown below:

....,
SlidingExpiration = true,
ExpireTimeSpan = TimeSpan.FromMinutes(1)
...

So, the final code of your method will be as shown below:


Startup.Auth.cs:

public void ConfigureAuth(IAppBuilder app)
{
    // Code removed for brevity.

    // Configure the sign in cookie
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        Provider = new CookieAuthenticationProvider
        {
            // Enables the application to validate the security stamp when the user logs in.
            // This is a security feature which is used when you change a password or add an external login to your account.  
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                validateInterval: TimeSpan.FromMinutes(30),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        },            
        SlidingExpiration = true, 
        ExpireTimeSpan = TimeSpan.FromMinutes(1) // Set the session timeout here
    });            
    app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

    app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(1));
    app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);        
}

For more information please visit [ASP.NET-Identity-Cookie-Authentication-Timeouts](http://www.jamessturtevant.com/posts/ASPNET-Identity-Cookie-Authentication-Timeouts/).

Upvotes: 7
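
How the two settings in the answer above interact, as an added example that is not part of the original answer or of the OWIN source: a simplified model of the cookie middleware's documented rule that, with SlidingExpiration = true, the cookie is re-issued on a request arriving more than halfway through ExpireTimeSpan. The class name, method name and request times are constructed for illustration, and the model assumes nothing else (such as OnValidateIdentity) re-issues the cookie.

```csharp
using System;

// Simplified model (an assumption of this example, not the middleware's code)
// of a ticket issued with ExpireTimeSpan and SlidingExpiration.
static class CookieExpiryModel
{
    // Returns the offset from sign-in at which the ticket stops being accepted,
    // given request times in ascending order (also offsets from sign-in).
    public static TimeSpan SignedOutAt(TimeSpan expireTimeSpan, bool sliding, TimeSpan[] requests)
    {
        TimeSpan issued = TimeSpan.Zero;
        TimeSpan expires = expireTimeSpan;

        foreach (TimeSpan now in requests)
        {
            if (now > expires)
                return expires; // ticket already expired: user is sent to LoginPath

            TimeSpan elapsed = now - issued;
            TimeSpan remaining = expires - now;

            // Sliding renewal: re-issue only once more than half the lifetime has passed.
            if (sliding && remaining < elapsed)
            {
                issued = now;
                expires = now + expireTimeSpan;
            }
        }
        return expires;
    }

    static void Main()
    {
        TimeSpan oneMinute = TimeSpan.FromMinutes(1); // ExpireTimeSpan from the answer

        // Constructed sample: requests 20 s, 45 s, 90 s and 140 s after sign-in.
        TimeSpan[] requests =
        {
            TimeSpan.FromSeconds(20), TimeSpan.FromSeconds(45),
            TimeSpan.FromSeconds(90), TimeSpan.FromSeconds(140)
        };

        Console.WriteLine("SlidingExpiration=false: " + SignedOutAt(oneMinute, false, requests));
        Console.WriteLine("SlidingExpiration=true:  " + SignedOutAt(oneMinute, true, requests));
    }
}
```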
