We have a website that automatically logs out after 20 minutes of idle time. Below is code in _layout.ts:
var idleMax = 200;// Logout after 20 minutes of IDLE
var idleTime = 0;
var baseUrl = '<some url>'; // like: 'http://localhost/'
var webServerUri = '<some url>'
function timerIncrement() {
idleTime = idleTime + 1;
if (idleTime > idleMax) {
idleTime = 0;
$.ajax({
url: baseUrl + "Sys/Home/Logoff"
});
window.location.replace(webServerUri + "Sys/Home/Login?returnUrl=" + window.location.href.replace(/&/gi, "%26") + "&isInactive=-1");
}
}
HomeController.cs:
Sys/Home/Logoff:
public ActionResult Logoff()
{
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1));
Response.Cache.SetNoStore();
HttpContext.GetOwinContext().Authentication.SignOut();
return Redirect(VirtualPathUtility.ToAbsolute("~/") + "sys/Home/Login");
}
Login action: (showing login page):
[AllowAnonymous]
public ActionResult Login(string returnUrl)
{
ViewBag.ReturnURL = returnUrl;
if (!String.IsNullOrWhiteSpace(returnUrl))
{
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1));
Response.Cache.SetNoStore();
// HttpContext.GetOwinContext().Authentication.SignOut();
ViewBag.ReturnURL = returnUrl.Replace("&", "%26");
}
return View();
}
login.cshtml has begin form section as below:
@using (Html.BeginForm(new { ReturnUrl = ViewBag.ReturnUrl }))
{
@Html.AntiForgeryTokenNoEx()
.
.
.
.<Other code>
.
.
.
.
}
User log out after 20 minutes of idle time. then we again enter same username and password and it gives below error:
The provided anti-forgery token was meant for a different claims-based user than the current user
