I have a .net core project using Microsoft.AspNetCore.Authentication (2.2.0) configured to use CookieAuthentication. Cookies are configured to be persistent and expire after seven days. The problem is that all logged-in users are logged out whenever the application pool is recycled.
I am not using sessions at all. I have verified that the cookie is still present in the web browser, it seems like the existing cookies are determined to be invalid by the server. How can I change this behavior?
This is the current configuration:
services
.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(
CookieAuthenticationDefaults.AuthenticationScheme,
options =>
{
options.AccessDeniedPath = "/";
options.LoginPath = "/";
options.LogoutPath = "/Authentication/Logout";
options.Events.OnRedirectToLogin = context =>
{
context.Response.Redirect("/?returnUrl=" + context.Request.GetEncodedPathAndQuery());
return Task.CompletedTask;
});
The error was an error in the configuration of the application pool in IIS. In the the "Advanced settings" of the application pool the setting "Load User Profile" needs to be set to "true".