Net Core- Session Expires After Some Time

Question

In my project, the session is terminated automatically after a while. I don't know why this is. For example, the user logged in and then took no action for 6-7 minutes. Then when you click somewhere, the session is terminated automatically and redirected to the login page. This is a huge problem for me. Because users can spend a lot of time blogging. For example, let's say I enter a blog page and start writing. I blog for 15 minutes and then post the form. When I post the form, the session is terminated and it throws me to the login page. How do I solve this problem?

I am using Net Core Identity in my project. You can see my commands in Startup.cs below.

public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllersWithViews();
        services.AddDbContext<AppDbContext>(options =>
        {
            options.UseSqlServer(

                Configuration.GetConnectionString("SqlServer"),
                 config =>
                 {
                     config.MigrationsAssembly("Tekno.Migrations");
                 })
            .UseLazyLoadingProxies();

        });

        services.AddIdentity<User, Role>(options =>
        {

            options.Password.RequireDigit = true;
            options.Password.RequiredLength = Configuration.GetValue<int>("Application:Security:Password:RequiredLength");
            options.Password.RequireLowercase = Configuration.GetValue<bool>("Application:Security:Password:RequireLowercase");
            options.Password.RequireNonAlphanumeric = Configuration.GetValue<bool>("Application:Security:Password:RequireNonAlphanumeric");
            options.Password.RequireUppercase = Configuration.GetValue<bool>("Application:Security:Password:RequireUppercase");
            options.Password.RequiredUniqueChars = Configuration.GetValue<int>("Application:Security:Password:RequiredUniqueChars");
            options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(3);
            options.Lockout.MaxFailedAccessAttempts = 3;
            options.SignIn.RequireConfirmedEmail = true;
        })
            .AddEntityFrameworkStores<AppDbContext>()
            .AddDefaultTokenProviders()
            .AddErrorDescriber<TurkishIdentityErrorDescriber>();

        var emailConfig = Configuration.GetSection("EmailConfiguration").Get<EmailConfiguration>();
        services.AddSingleton(emailConfig);
        services.AddSingleton<Extension>();
        services.AddScoped<IEmailSender, EmailSender>();
        services.Configure<DataProtectionTokenProviderOptions>(opt => opt.TokenLifespan = TimeSpan.FromHours(2));
        services.AddAutoMapper(typeof(Startup));
    }

public void Configure(
        IApplicationBuilder app,
        IWebHostEnvironment env,
        RoleManager<Role> roleManager,
        UserManager<User> userManager)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseStatusCodePagesWithReExecute("/home/error/{0}");
        app.UseXMLSitemap(env.ContentRootPath);
        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();
    }

Answer 1

In the ConfigureService method, you can update the configuration of the cookie. Increase the Expiration time and enable the SlidingExpiration to true which CookieAuthenticationOptions.SlidingExpiration Property:

The SlidingExpiration is set to true to instruct the handler to re-issue a new cookie with a new expiration time any time it processes a request which is more than halfway through the expiration window

public void ConfigureServices(IServiceCollection services)
{
   // ....
   services.ConfigureApplicationCookie(options => {
       options.ExpireTimeSpan = TimeSpan.FromMinutes(600);
       options.SlidingExpiration = true;
   });
}