Tags: asp.net-mvc, asp.net-core, .net-6.0, .net-7.0, .net-8.0

.NET 8.0: immediately after running, it displays "Cookie.Expiration is ignored, use ExpireTimeSpan instead"


I have converted my MVC application from .NET Core 2.2 to .NET 8.0, but when it runs, it does not show the login page; instead it throws an error like the one below:

Cookie.Expiration is ignored, use ExpireTimeSpan instead.

I am using Redis session. I have set the configuration as below:

services.AddStackExchangeRedisCache(option =>
{
    option.Configuration = Configuration.GetConnectionString("AzureRedisConnection");
    option.InstanceName = !string.IsNullOrEmpty(Configuration.GetSection("SessionSettings")["RedisInstancePrefix"]) ? Configuration.GetSection("SessionSettings")["RedisInstancePrefix"] : "CrmStep_";                
});

services.AddSession(options =>
{
    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    options.Cookie.HttpOnly = true;
    options.Cookie.IsEssential = true;
    options.Cookie.MaxAge = TimeSpan.FromHours(24);
    options.IOTimeout = TimeSpan.FromMinutes(!string.IsNullOrEmpty(Configuration.GetSection("SessionSettings")["IOTimeOut"]) ? Convert.ToDouble(Configuration.GetSection("SessionSettings")["IOTimeOut"]) : 1440);
    options.IdleTimeout = TimeSpan.FromMinutes(!string.IsNullOrEmpty(Configuration.GetSection("SessionSettings")["IdleTimeOut"]) ? Convert.ToDouble(Configuration.GetSection("SessionSettings")["IdleTimeOut"]) : 1440);
});

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddCookie(options =>
        {
            options.LoginPath = "/Login";
            options.Cookie.HttpOnly = true;
            options.SlidingExpiration = true;
            options.Cookie.Expiration = TimeSpan.FromHours(24);
            options.ExpireTimeSpan = TimeSpan.FromHours(24);
            options.Cookie.MaxAge = TimeSpan.FromHours(24);
        });

app.UseHttpsRedirection();
app.UseCookiePolicy();            
app.UseStaticFiles();
app.UseForwardedHeaders();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseSession();

Please, can anyone help to fix this? Thanks!


Solution

  • According to the error message, you should use options.ExpireTimeSpan = TimeSpan.FromHours(24); instead of options.Cookie.Expiration = TimeSpan.FromHours(24); since the ExpireTimeSpan will ignore the Expiration.

    This options.ExpireTimeSpan controls how much time the authentication ticket stored in the cookie will remain valid from the point it is created. The expiration information is stored in the protected cookie ticket. Because of that, an expired cookie will be ignored even if it is passed to the server after the browser should have purged it.

    This is separate from the value of Expires, which specifies how long the browser will keep the cookie.

    Use the code below and it will work well.

    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(options =>
            {
                options.LoginPath = "/Login";
                options.Cookie.HttpOnly = true;
                options.SlidingExpiration = true;
                //options.Cookie.Expiration = TimeSpan.FromHours(24);
                options.ExpireTimeSpan = TimeSpan.FromHours(24);
                options.Cookie.MaxAge = TimeSpan.FromHours(24);
            });
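
The distinction the answer draws between the ticket lifetime and the browser cookie lifetime can be observed directly. The following is an added example, not code from the question or the answer: a .NET 8 minimal-hosting Program.cs (assumes a web project with implicit usings) whose `/demo-signin` and `/ticket` endpoints and the `demo-user` name are hypothetical, constructed for illustration.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.LoginPath = "/Login";
        options.Cookie.HttpOnly = true;                          // not readable from script
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // HTTPS only
        options.Cookie.SameSite = SameSiteMode.Lax;
        // Server-enforced lifetime: written into the protected ticket.
        options.ExpireTimeSpan = TimeSpan.FromHours(24);
        options.SlidingExpiration = true;
        // options.Cookie.Expiration is deliberately not set (see the error above).
    });

var app = builder.Build();
app.UseAuthentication();

// Hypothetical endpoint: issues a ticket for a constructed user.
app.MapPost("/demo-signin", async (HttpContext ctx) =>
{
    var identity = new ClaimsIdentity(
        new[] { new Claim(ClaimTypes.Name, "demo-user") },
        CookieAuthenticationDefaults.AuthenticationScheme);

    // IsPersistent = true makes the handler also send a browser-side expiry
    // on the cookie; without it the browser keeps a session cookie, while
    // the ticket inside still expires after ExpireTimeSpan.
    await ctx.SignInAsync(
        CookieAuthenticationDefaults.AuthenticationScheme,
        new ClaimsPrincipal(identity),
        new AuthenticationProperties { IsPersistent = true });
    return Results.Ok("signed in");
});

// Hypothetical endpoint: reads the expiry back out of the protected ticket.
app.MapGet("/ticket", async (HttpContext ctx) =>
{
    var result = await ctx.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationScheme);
    return Results.Ok(new
    {
        Valid = result.Succeeded,
        Issued = result.Properties?.IssuedUtc,
        Expires = result.Properties?.ExpiresUtc // set from ExpireTimeSpan at sign-in
    });
});

app.Run();
```

Calling `/ticket` with the cookie issued by `/demo-signin` returns `Expires` about 24 hours after `Issued`; once that time passes, `Valid` is false even if the browser still sends the cookie.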