I am trying to log out all active sessions of a user that I am changing (deleting, adding or removing roles, changing the password etc.).
I found solutions for old versions of ASP .NET. Essentially calling UserManager.UpdateSecurityStampAsync(userId); but this doesn't seem to work with ASP .NET Core. I can call the function, but it just does nothing. The user is still logged in after that.
So how on earth can I log out a logged in user (all open sessions)?
There is a property of IdentityOptions called SecurityStampValidationInterval, which sets how often the cookie is validated. Its set to 30 minutes by default. You can change that:
services.Configure<IdentityOptions>(options =>
{
options.SecurityStampValidationInterval = TimeSpan.FromSeconds(0);
});