Scott

Reputation: 1253

Why is ASP.NET Remember Me Feature so Forgetful?

I have an ASP.NET MVC 5 project using ASP.NET Identity 2.2. I set this up using the "Individual User Accounts" Authentication option in Visual Studio. I can log in without issue. If I do not click Remember Me and close the browser after login, my credentials are not remembered on re-open. If I do click Remember Me and close the browser after login, my credentials are remembered on re-open. So far so good.

The problem comes when I click Remember Me, log in, close the browser, and leave it closed for an extended period of time (my tests make me think it must be more than 20 minutes). When I do that, my credentials are forgotten and I have to log in again. Why is this occurring?

When I open the browser up again after the 20 minutes, the AspNet.ApplicationCookie cookie is still present and has an expiration time that is about two weeks in the future.

I've seen other articles mention the UseCookieAuthentication method call, so I have included that below. I believe that I am using the defaults for this.

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        Provider = new CookieAuthenticationProvider
        {
            // Enables the application to validate the security stamp when the user logs in.
            // This is a security feature which is used when you change a password or add an external login to your account.
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                validateInterval: TimeSpan.FromMinutes(30),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        }
    });

Upvotes: 2

Views: 322

Answers (1)

Joel Coehoorn

Reputation: 416049

20 minutes is about how long it takes for an idle AppDomain to recycle. If you have a different account connecting to your page, to keep it from going idle, it might remember you for longer.

Upvotes: 1
