I used:
services.AddAuthenticationCore().ConfigureApplicationCookie(o =>
{
o.ExpireTimeSpan = TimeSpan.FromHours(1);
o.SlidingExpiration = true;
});
to set my authentication cookie ExpireTimeSpan in Startup.cs in ASP.NET Core MVC project.
I can see that the cookie expire-time has been set correctly in the web browser after login, but it auto logout after 30 minutes every time, even if I refresh the website every 10 seconds.
If I set the ExpireTimeSpan less than 30 minutes, it can timeout correctly, but expire-time cannot be refreshed.
Why is it 30 minutes? Where can I change the 30 minutes timeout setting? Or is it set in IIS?
Why is it 30 minutes?
It's the default of ASP.NET Core Identity.
Where can I change the 30 minutes timeout setting? Or is it set in IIS?
No. Call ConfigureApplicationCookie after IdentityRegistrar.Register:
public IServiceProvider ConfigureServices(IServiceCollection services)
{
// ...
IdentityRegistrar.Register(services); // No change
AuthConfigurer.Configure(services, _appConfiguration); // No change
services.ConfigureApplicationCookie(o =>
{
o.ExpireTimeSpan = TimeSpan.FromHours(1);
o.SlidingExpiration = true;
});
// ...
}
"If you define it before the
services.AddIdentity, your custom values will be overwritten."https://github.com/aspnet/Identity/issues/1389#issuecomment-324257591