ASP.NET Identity session expires too fast on prod server

Question

After applying this tutorial to my project, on my local host there is no problem however when I deploy to prod server which is on plesk, session expires too fast. Less than 5 minutes probably and it is constantly like this.

As the tutorial uses localStorage instead of cookie, I can not be sure if I should check cookie time out.

Oh the other hand I have this in my Startup.Auth.cs:

    public void ConfigureAuth(IAppBuilder app)
    {
        //...
        OAuthOptions = new OAuthAuthorizationServerOptions
        { 
            //...
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
        };
    }

How does prod IIS sets timeout and what should I do in my web.config to override this time out?

It is 20 minutes not 5 session time out – asdf_enel_hak Aug 27 '15 at 11:08 — asdf_enel_hak, Aug 27 '15 at 11:08

Igor · Accepted Answer · 2015-08-25T18:06:15.373

I assume what you mean is that 14 days is not long enough for your production environment? If not you will have to clarify what exactly you mean by 'too fast'.

The easiest way to do it is to add a setting to your web.config.

<appSettings>
    <add key="cookieExpirationDays" value="30"/>
</appSettings>

And then set it in your method.

 public void ConfigureAuth(IAppBuilder app) {
    //...
   var daysStr = System.Configuration.ConfigurationManager.AppSettings["cookieExpirationDays"];
   var days = string.IsNullOrEmpty(daysStr) ? 14 : int.Parse(daysStr);
    OAuthOptions = new OAuthAuthorizationServerOptions
    { 
    //...
    AccessTokenExpireTimeSpan = TimeSpan.FromDays(days),
  };
}

EDIT (in response to the OPs edit)

If you are using cookies to persist the authentication token try this (see last line in the initializer).

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    CookieName = "SecurityCookie",
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Authentication/Login"),
    CookieSecure = CookieSecureOption.SameAsRequest,
    CookieHttpOnly = true,
    AuthenticationMode = AuthenticationMode.Active,
    Provider = cookieProvider, // instance of Microsoft.Owin.Security.Cookies.CookieAuthenticationProvider
    LogoutPath = new PathString("/Authentication/LogOff"),
    SlidingExpiration = true,
    ExpireTimeSpan = TimeSpan.FromDays(days),
});

Edit 2 Added example links

Complete tutorial

General Microsoft Documentation and Help

I think [this](http://stackoverflow.com/q/29143794/492258) is my case and second part of your answer suits my case, can you point to full example, thanks — asdf_enel_hak, Aug 25 '15 at 15:32

ASP.NET Identity session expires too fast on prod server

1 Answers1