0

I use Asp Identity for Authentication in MVC project, my problem is the session end and the user still authentication in some cases.

I set the time out of OWIN to 20 min on configuration

 app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                ExpireTimeSpan = TimeSpan.FromMinutes(20),
                SlidingExpiration = false,
            })

its work after 20 min my session data and Owin is cleared.

but still problem in some cases :

  1. when IIS reset the session clear but the user still authenticated .

  2. when I build my solution on vs 2015 the session clear but the user still authenticated .

Improve this question
1
  • have you checked to see if the browser cache has been cleared? Commented Nov 23, 2015 at 10:54

1 Answer 1

Reset to default
2

You're using DefaultAuthenticationTypes.ApplicationCookie - cookie authentication.

This is to be expected.. The cookie will live for 20 minutes (as per your configuration) then expire. It has nothing to do with Session

If you really want to tie your authentication to a session, see here: https://stackoverflow.com/a/11420005/131809

I would suggest using an ActionFilter in place of a base class though (as mentionedi n one of the comments)

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.