ASP.NET Core Cookie authentication expires from timestamp to Session on return

Question

ASP.NET Core Cookie authentication expires from timestamp to Session on return

I am using ASP.NET Core RC1 with Facebook authentication and window cookie highlighting created as follows:

app.UseIdentity(); app.UseFacebookAuthentication();

and

  services.AddIdentity<ApplicationUser, IdentityRole>((options => { options.Cookies.ApplicationCookie.CookieName = "myauthcookie"; options.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromDays(5); options.Cookies.ApplicationCookie.SlidingExpiration = true; })) .AddEntityFrameworkStores<ApplicationDbContext>() .AddDefaultTokenProviders();

This works great the first time a user logs in - the cookie expires correctly. However, when the user returns to the page, the expiration of the cookie is set to "Session", so in practice the user must re-authenticate every other visit.

Why is this happening? I did not configure it correctly?

Update : I already did some testing without SlidingExpiration, and the problem remains the same. Upon returning to the page, the expiration of the cookie changes to "Session". I am using Chrome.

Also, I do not work on https. Could this be a factor?

+5

asp.net asp.net-core asp.net-core-mvc

severin Apr 11 '16 at 21:24

source share

2 answers

Short answer

Set isPersistent: true when calling SignInManager.ExternalLoginSignInAsync .

More details

In the template for the main ASP.NET web application, the AccountController.ExternalLoginCallback method contains this code:

 _signInManager.ExternalLoginSignInAsync( info.LoginProvider, info.ProviderKey, isPersistent: true); <------ set a persistent cookie.

If we set isPersistent: true when calling ExternalLoginSignInAsync , this startup configuration ...

 services.AddIdentity<ApplicationUser, IdentityRole>(options => { options.Cookies.ApplicationCookie.CookieName = "MyApplicationCookie"; options.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromDays(5); options.Cookies.ApplicationCookie.SlidingExpiration = true; }) .AddEntityFrameworkStores<ApplicationDbContext>() .AddDefaultTokenProviders();

... leads to this cookie application ...

... which is stored in browser sessions.

+3

Shaun luttin Apr 12 '16 at 2:30

source share

severin · Accepted Answer · 2016-05-23T06:28:05+0000

As it turned out, upgrading to ASP.NET Core RC2 resolved this issue, suggesting that it might be a bug.

ASP.NET Core Cookie authentication expires from timestamp to Session on return

Short answer

More details

More articles: