Asp.net-core2.0 user automatically leaves the site in 20-30 minutes

Question

Asp.net-core2.0 user automatically leaves the site in 20-30 minutes

A few days ago, I decided to upgrade my web application from asp.net core 1.1 to core 2.0. Everything seems to work fine after minor changes, except that authentication does not persist for more than 20-30 minutes.

We can take the default example from Visual Studio, because I have the same problem in my own web application and in the "ASP.NET Main Web Application" -> .NET Framework 4.6.1 + ASP.NET Core 2.0 + MVC + Separate user accounts .

The default configuration and must be registered by users within 14 days:

public void ConfigureServices(IServiceCollection services)
{
    services.AddDbContext<ApplicationDbContext>(options =>
        options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));

    services.AddIdentity<ApplicationUser, IdentityRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddDefaultTokenProviders();
...
    services.AddMvc();
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
...
    app.UseAuthentication();
...
}

, 20-30 . ( " " ) , . , , cookie cookie . 20-30 , , cookie ( , ). , .

cookie , :

services.ConfigureApplicationCookie(options => {
    options.ExpireTimeSpan = TimeSpan.FromDays(1); // Just shortens cookie expiration time, but still logs out users after 20-30 minutes.
});

20-30 , - :

services.AddSession(options =>
{
    options.Cookie.Expiration = TimeSpan.FromDays(1); // This throws an error "Expiration cannot be set for the cookie defined by SessionOptions"
    options.IdleTimeout = TimeSpan.FromDays(1); // This changes session sliding expiration time... 
});

ASP.NET Core 1.1.

+9

c# cookies asp.net session asp.net-core-2.0

Shaltukaz 22 . '17 19:36

4

, , .

Live

0

Nripendra Ojha 23 . '17 6:50

Shaltukaz · Answer 1 · 2017-08-23T11:16:38+0000

, :) . https://github.com/aspnet/Identity/issues/1389

, , . , . , .

services.AddIdentity<ApplicationUser, IdentityRole>()
    .AddEntityFrameworkStores<ApplicationDbContext>()
    .AddDefaultTokenProviders();
services.Configure<SecurityStampValidatorOptions>(options => options.ValidationInterval = TimeSpan.FromSeconds(10));
services.AddAuthentication()
    .Services.ConfigureApplicationCookie(options =>
    {
        options.SlidingExpiration = true;
        options.ExpireTimeSpan = TimeSpan.FromMinutes(30);
    });

, :

, , ~ 10 , . . options.ValidationInterval = TimeSpan.FromSeconds(10)).
cookie 30 options.ExpireTimeSpan = TimeSpan.FromMinutes(30); , options.SlidingExpiration = true; .
! "", , _userManager.UpdateSecurityStampAsync(user); . .

Chris Hawkes · Answer 2 · 2017-08-22T19:43:30+0000

. - 20 .

, ConfigureServices.

public void ConfigureServices(IServiceCollection services)
    {
        ....
        services.AddSession(options => { 
                options.IdleTimeout = TimeSpan.FromMinutes(30); 
                options.CookieName = ".MyApplication";
            });
    }

user3433178 · Answer 3 · 2018-12-01T02:47:26+0000

, , , , ASP.NET(Web Forms) IIS.

, IIS - , , AFAIK , .

, ASP.NET Web Forms--, , , , .

, AJAX .

Asp.net-core2.0 user automatically leaves the site in 20-30 minutes

More articles: