cookiesasp.net-identitysession-cookiesidentity
AspNetCore: OpenId Cookies always show expires=1969-12-31 even with IsPersistent=true and ExpireTimeSpan set
Using ASPNETCORE OpenId authentication middleware and Cookie middleware. I always see that cookies from OpenId authentication are set to expire at 1969-12-31 (in Chrome debugger). I assume this means the cookies are SESSION cookies; I want to make them persistent cookies so the user will be prompted to login less frequently. So I added the ExpireTimeSpan and IsPersistent=true as suggested in other posts, but I still see that my cookie Expires is 1969-12-31.
What am I doing wrong?
services.AddAuthentication(options =>
{
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddAzureAd(options =>
{
Configuration.Bind("AzureAd", options);
})
.AddCookie(p =>
{
p.ExpireTimeSpan = TimeSpan.FromDays(30);
p.SlidingExpiration = true;
});
services.Configure<AuthenticationProperties>(props =>
{
props.IsPersistent = true;
props.ExpiresUtc = new DateTimeOffset(DateTime.Now, TimeSpan.FromDays(30));
});
Solution
Got helped on the aspnetcore security forum, and arrived at the following solution:
.AddCookie(p =>
{
p.SlidingExpiration = true;
p.Events.OnSigningIn = (context) =>
{
context.CookieOptions.Expires = DateTimeOffset.UtcNow.AddDays(30);
return Task.CompletedTask;
};
});
I also implemented a Logout page (call to AuthenticationHttpContextExtensions.SignOutAsync(HttpContext)) to give the user more control over cookie lifetimes.
- Why Doesn't document.cookie work In A Web File?
- How to set 'SameSite' on a cookie from within a Java application?
- How can I create and test two web apps in two separate application pools on my local machine?
- How to generate COMMON KEY RING to Share cookies across subdomains?
- Warning: Text content did not match. Server: "I'm out" Client: "I'm in" div
- Header sent error express.js with cookie-parser
- How is the missing path attribute of a cookie computed or handled in a Single Page Application?
- How to tell why a cookie is not being sent?
- User not Signed in after SignInManager.PasswordSignInAsync method Call
- iPhone Facebook connect : "Cookies required"
- Cookie XSRF-TOKEN created without the httponly flag - Laravel 5.8
- Unable to get Cookie value when Jotform redirects user to another page
- Cookie LoginPath not redirecting to path
- Yahoo Finance V7 API now requiring cookies? (Python)
- Laravel Test Cookie is Encrypted Despite Being Excluded from EncryptCookies Middleware
- NextJS: Why NextResponse.redirect is not triggering on production
- How to copy cookies in Google Chrome?
- How do sites like quora track users without cookies?
- How to save the browser sessions in Selenium?
- Trouble setting cookies in Express backend for Next.js frontend use
- Cookies getting disappeared when page refreshes
- Read Flask Session Cookie
- Laravel 5: cookie set by custom Middleware not readable in Controller
- Is storing an OAuth token in cookies bad practice?
- How do I create and read a value from cookie with javascript?
- If I set AccessToken and RefreshToken both (JWT) as cookies by server, They both automatically will be sent to server in each request from client
- How many bytes in one round-trip for an HTTP/2 browser request over mobile networks?
- Cant get claims in authorization handler
- Why cookies dont expire after closing browser?
- How to specify SameSite value for javax.servlet.http.Cookie