It seems like the following code is not working anymore in ASP.NET Identity? Is this correct?
Global.asax
protected void Session_Start(object sender, EventArgs e)
{
Session.Timeout = 5; // It has no impact to Session
}
And this code defines the session timeout only.
STARTUP.AUTH.CS
public void ConfigureAuth(IAppBuilder app)
{
var sessionTimeout = 20; //
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
ExpireTimeSpan = TimeSpan.FromMinutes(sessionTimeout),
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
CookieName = ".MyApp1_Authentication",
SlidingExpiration = true
});
}
Cookie ExpireTimeSpan defines the length of life of the authentication cookie.
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
ExpireTimeSpan = TimeSpan.FromSeconds(30),
// other stuff
});
This will make authentication cookie invalid in 30 seconds. But it won't reload the page for the user, it will redirect user to login page only on the next request.
If you need the page automatically reloaded on cookie expire, you'll need some JavaScript in the browser to detect when the session is about to expire.
Not really an answer, as you already had that in you question. Just an extended comment -)