1

I'm using ASP.NET MVC 5 with identity 2.0. I've set identity session timeout in Startup.cs as below:

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/login"),
    ExpireTimeSpan = TimeSpan.FromMinutes(double.Parse(ConfigurationManager.AppSettings["app:SessionTimeout"]))
});

I think this timeout is just set for asp.net auth cookie. So, I've also changed session timeout for other sessions in Global.asax as below:

protected void Session_Start()
{
    Session.Timeout = int.Parse(ConfigurationManager.AppSettings["app:SessionTimeout"]);
}

I'm using the following code for my login logic (Note the Session variable at the end):

var userManager = new UserManager();
var identityUser = await userManager.FindByIdAsync(UserID);
var identity = await userManager.CreateIdentityAsync(identityUser, DefaultAuthenticationTypes.ApplicationCookie);
var authenticationManager = HttpContext.Current.GetOwinContext().Authentication;
authenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
authenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = IsPersistent }, identity);

Session["MyCustomSession"] = "MyCustomData";

This is the problem: after login and a period of time, User.Identity.IsAuthenticated returns true, User.Identity.GetUserId() returns user's id, while Session["MyCustomData"] returns null. It seems that owin session and custom session timeout are not synced. What do I do to make them synced?

itecompro
  • 39
  • 7
  • Not even one answer after 4 days!? Please help... – itecompro Jul 12 '15 at 06:27
  • related: http://stackoverflow.com/questions/22944783/how-to-set-timeout-for-owincontext-in-mvc-5 – Andy Raddatz Feb 11 '16 at 19:16
  • There seems to be confusion here between Authentication Timeout and Session Timeout. See here http://stackoverflow.com/questions/17812994/forms-authentication-timeout-vs-sessionstate-timeout. – Dov Miller Apr 05 '17 at 12:02

0 Answers0