OWIN Authentication Cookie

  • Question

  • User478895623 posted

    I’ve been struggling with OWIN cookies for a couple of days now and I’m hoping someone can point me in the right direction.

    I want my users to be logged out only when the browser is closed. I’ve tried everything I can think of, but I can’t prevent users from being logged out after 20 minutes.

    These are my relevant web.config settings

    <system.web>
      <authentication mode="None" />    
    </system.web>
    
    <system.webServer>
      <modules>
        <remove name="FormsAuthentication" />
      </modules>
    </system.webServer>
    
    

    This is my Startup class.

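        using Microsoft.AspNet.Identity;
        using Microsoft.Owin;
        using Microsoft.Owin.Security.Cookies;
        using Owin;

        public partial class Startup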
        {
            public void ConfigureAuth(IAppBuilder app)
            {
                app.UseCookieAuthentication(new CookieAuthenticationOptions
                {
                    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                    LoginPath = new PathString("/account/login"),
                    AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active,
                    CookieSecure = CookieSecureOption.SameAsRequest,
                    CookieHttpOnly = true,
                    SlidingExpiration = false,
                    LogoutPath = new PathString("/account/login")
                });
            }
        }

    What causes the early expiration? 

    Can anyone suggest what I'm doing wrong?

    Sunday, June 1, 2014 8:15 AM

Answers

  • User-1818759697 posted

    Hi,

    There are two different types of cookies:

    Session cookies - these are temporary and are erased when you close your browser at the end of your surfing session. The next time you visit that particular site it will not recognise you and will treat you as a completely new visitor as there is nothing in your browser to let the site know that you have visited before (more on session cookies).

    Persistent cookies - these remain on your hard drive until you erase them or they expire. How long a cookie remains on your browser depends on how long the visited website has programmed the cookie to last (more on persistent cookies).

    About making persistent Cookies:

    For persistent cookies, we need to add an expiration time. In the given code, I have specified 5 days:

    //Creating a Cookie Object
    HttpCookie _userInfoCookies = new HttpCookie("UserInfo");
    
    //Setting values inside it
    _userInfoCookies["UserName"] = "Abhijit";
    _userInfoCookies["UserColor"] = "Red";
    _userInfoCookies["Expire"] = "5 Days";
    
    //Adding Expire Time of cookies
    _userInfoCookies.Expires = DateTime.Now.AddDays(5);
    
    //Adding cookies to current web response
    Response.Cookies.Add(_userInfoCookies);

    For more information, you could refer to:

    http://www.codeproject.com/Articles/31914/Beginner-s-Guide-To-ASP-NET-Cookies

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, June 3, 2014 4:03 AM
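
The session/persistent distinction described in the answer above, applied to the OWIN cookie middleware from the question. This is an added example, not code from either poster or from the Katana project. The class name `SessionCookieAuth`, the 12-hour ticket lifetime and the single name claim are assumptions for illustration, and it assumes the Microsoft.Owin.Security.Cookies and Microsoft.AspNet.Identity.Core packages are referenced.

```csharp
using System;
using System.Security.Claims;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin;

// Hypothetical helper class (name is an assumption, not from the thread).
public static class SessionCookieAuth
{
    public static void Configure(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/account/login"),
            CookieHttpOnly = true,                    // not readable from script
            CookieSecure = CookieSecureOption.Always, // only sent over HTTPS
            // Lifetime of the encrypted ticket inside the cookie. The middleware
            // rejects the ticket after this time even if the browser still holds
            // the cookie. 12 hours is an assumed value; the default is 14 days.
            ExpireTimeSpan = TimeSpan.FromHours(12),
            SlidingExpiration = false
        });
    }

    // Call from the login action once the credentials have been verified.
    public static void SignIn(IOwinContext context, string userName)
    {
        var identity = new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Name, userName) },
            DefaultAuthenticationTypes.ApplicationCookie);

        // IsPersistent = false: the Set-Cookie header carries no Expires
        // attribute, so the browser treats it as a session cookie and drops it
        // when it closes. IsPersistent = true would add Expires, computed from
        // ExpireTimeSpan, and the cookie would survive a browser restart.
        // Browsers that restore the previous session can keep session cookies,
        // so the ticket lifetime above is the bound the server actually enforces.
        context.Authentication.SignIn(
            new AuthenticationProperties { IsPersistent = false },
            identity);
    }
}
```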