locked
OWIN Authentication Cookie RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    User478895623 posted

    I’ve been struggling with OWIN cookies for a couple of days now and I’m hoping someone can point me in the right direction.

    I want my users to be logged out only when the browser is closed. I’ve tried everything I can think of, but I can’t prevent users from being logged out after 20 minutes.

    These are my relevant web.config settings

    <system.web>
  <authentication mode="None" />    
</system.web>

<system.webServer>
  <modules>
    <remove name="FormsAuthentication" />
  </modules>
</system.webServer>

    This is my Startup class. 

        public partial class Startup
    {
        public void ConfigureAuth(IAppBuilder app)
        {
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/account/login"),
                AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active,
                CookieSecure = CookieSecureOption.SameAsRequest,
                CookieHttpOnly = true,
                SlidingExpiration = false,
                LogoutPath = new PathString("/account/login")
            });
        }
    }

    What causes the early expiration? 

    Can anyone suggest what I'm doing wrong?

    Sunday, June 1, 2014 8:15 AM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote
    User-1818759697 posted

    Hi,

    There are two different types of cookies:

    Session cookies - these are temporary and are erased when you close your browser at the end of your surfing session. The next time you visit that particular site it will not recognise you and will treat you as a completely new visitor as there is nothing in your browser to let the site know that you have visited before (more on session cookies).

    Persistent cookies - these remain on your hard drive until you erase them or they expire. How long a cookie remains on your browser depends on how long the visited website has programmed the cookie to last (more on persistent cookies).

    About making persistent Cookies:

    For persistent cookies, we need to add an expiration time. In the given code, I have specified 5 days:

    //Creting a Cookie Object
HttpCookie _userInfoCookies = new HttpCookie("UserInfo");

//Setting values inside it
_userInfoCookies["UserName"] = "Abhijit";
_userInfoCookies["UserColor"] = "Red";
_userInfoCookies["Expire"] = "5 Days";

//Adding Expire Time of cookies
 _userInfoCookies.Expires = DateTime.Now.AddDays(5);

//Adding cookies to current web response
Response.Cookies.Add(_userInfoCookies);

    For more information, you could refer to:

    http://www.codeproject.com/Articles/31914/Beginner-s-Guide-To-ASP-NET-Cookies

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, June 3, 2014 4:03 AM