1

So I have a MVC5 web application and I'm using the built in ASP.Identity framework for authentication. I want to let my user keep their login status for 30 days.

here's my code in Startup.Auth.cs:

app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                CookieName = "Test",
                LoginPath = new PathString("/Account/Login"),
                Provider = new CookieAuthenticationProvider
                {
                    // Enables the application to validate the security stamp when the user logs in.
                    // This is a security feature which is used when you change a password or add an external login to your account.  
                    OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                        validateInterval: TimeSpan.FromDays(30),
                        regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
                },
                ExpireTimeSpan = TimeSpan.FromDays(30)
            });

I checked the cookie after login and it's true that the expiration is 30 days, but after few minutes/hours when I'm trying to access the site again, the login status is gone. Any idea why?

tickwave
  • 3,335
  • 6
  • 41
  • 82

1 Answers1

1

It seems that there is a bug in OnValidateIdentity. Whenever it try to regenerates the cookies it set the IsPersistent to false, even if the original cookie is persistent.

If i am not wrong, you might be facing this issue after closing and reopening the browser. This issue can be resolved by adding an IsPersistent claims manualy, try looking in to this link

Community
  • 1
  • 1
Divyesh Sharma
  • 195
  • 8