explicitly calling UpdateSecurityStampAsync does not change securitystamp

  • Question

  • User-585144208 posted

    Hi

    Sometimes I want to disable some users, and I set their emailconfirmed property to false in aspnetusers table, but in the meantime I want to invalidate user login cookies, so I thought that calling UserManager.UpdateSecurityStampAsync(id) would help me. However, it does not work.

    Do you have any suggestions?

    Saturday, November 10, 2018 1:59 PM

All replies

  • User475983607 posted

    Sometimes I want to disable some users, and I set their emailconfirmed property to false in aspnetusers table, but in the meantime I want to invalidate user login cookies, so I thought that calling UserManager.UpdateSecurityStampAsync(id) would help me. However, it does not work.

    Do you have any suggestions?

    The token is cached within the cookie. Either the cookie or the token must expire before the framework will validate the security stamp. Your other thread shows you have the security validation set to 1 minute, so you have to wait a minute. If you want immediate action then set the frequency to something smaller than a minute. Or check the token on every request.

    Saturday, November 10, 2018 2:12 PM
  • User-585144208 posted

    Actually I waited one minute and the cookie was still valid. 

    Saturday, November 10, 2018 5:46 PM
  • User475983607 posted

    Actually I waited one minute and the cookie was still valid. 

    I'm unable to reproduce this issue. Maybe this SO post will provide some guidance.

    https://stackoverflow.com/questions/24286489/how-do-i-forcefully-propagate-role-changes-to-users-with-asp-net-identity-2-0-1

    Saturday, November 10, 2018 8:19 PM
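
The validation interval discussed in the first reply, shown as an added example that is not code from the thread or from either poster. It assumes ASP.NET Identity 2.x on the OWIN cookie middleware and the default MVC 5 template types `ApplicationUserManager` and `ApplicationUser` (with `GenerateUserIdentityAsync`); `UserDisabler` is a hypothetical helper.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup
{
    // Assumption: the template's CreatePerOwinContext registrations for the
    // DbContext and ApplicationUserManager run before this call.
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            Provider = new CookieAuthenticationProvider
            {
                // The stamp claim inside the cookie is compared with the stored
                // stamp only when the cookie is older than validateInterval.
                // TimeSpan.Zero re-checks on every request, at the cost of one
                // user lookup per authenticated request.
                OnValidateIdentity = SecurityStampValidator
                    .OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                        validateInterval: TimeSpan.Zero,
                        regenerateIdentity: (manager, user) =>
                            user.GenerateUserIdentityAsync(manager))
            }
        });
    }
}

public static class UserDisabler // hypothetical helper, not part of Identity
{
    // Clears EmailConfirmed, then rotates the stamp so existing cookies are
    // rejected the next time the validator runs.
    public static async Task<bool> DisableAsync(ApplicationUserManager manager, string userId)
    {
        var user = await manager.FindByIdAsync(userId);
        if (user == null) return false;
        user.EmailConfirmed = false;
        var update = await manager.UpdateAsync(user);
        if (!update.Succeeded) return false;
        var stamp = await manager.UpdateSecurityStampAsync(userId);
        return stamp.Succeeded;
    }
}
```

If cookies stay valid after the interval has passed, check that `OnValidateIdentity` is actually wired into the cookie options in use and that the `IdentityResult` from `UpdateSecurityStampAsync` reports success.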