How to Extend Cookie expiry in .Net Web API HttpActionContext

Question

I'm implementing Angular Project the Service Side I'm using .NET Web API. The Web API is a Stateless, so I'm using Cookie to maintain the Authentication. AuthLogin Controller Checks the Credential is correct, If it is TRUE then it create the Cookie and pass the cookie via HTTP Response. Additionally I added ActionFilterAttribute to validate the User. If any request the Web API received then it triggers the ActionFilterAttribute before entering into the Controller. Their I'm checking, the Request is containing any Cookie and it checks it with the database. Once the Cookie is validated I need to extend the cookie expiry to 30 mins.

My Web API Controller Methods

[HttpPost]
public HttpResponseMessage AuthLogin()
{
        serverCookie = new CookieHeaderValue
                                ("Test", "Super");
        serverCookie.Expires = DateTimeOffset.Now.AddMinutes(15);
        serverCookie.Domain = Request.RequestUri.Host;
        serverCookie.Path = "/";


    HttpResponseMessage response = Request.CreateResponse(_credential.Item2 ? HttpStatusCode.OK : HttpStatusCode.Unauthorized);

    response.Headers.AddCookies(new CookieHeaderValue[] { serverCookie });
    return response;
}

[HttpPost]
[Authenticate]
public string SecurePost()
{
     return "Success";
}

The ActionFilterAttribute C# Code:

public class AuthenticateAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(HttpActionContext actionContext)
    {            
        Debug.WriteLine("Cookie Life Time Extended Successfully to 30 Mins.");
    }
}

My Requirement is to extended the life span of Cookie to 30 Mins and send the information along with the return value. Kindly assist me in this regards.

score 2 · Answer 1 · answered Apr 22 '19 at 05:14

I was able to extent cookie expiry time in MVC application

HttpCookie cookie = Request.Cookies["MyCookie"];
if (cookie!+null && !cookie.Value.IsEmpty())
{
        // Update the cookie expiration
        cookie.Expires = DateTime.Now.AddMinutes(Convert.ToInt32(1));
        Response.Cookies.Set(cookie);//Request.Cookies.Set(cookie);
}
else
{ 
}

Rahul Nikate · Accepted Answer · 2016-06-15T10:22:30.877

0

The HTTP protocol never sends cookie expiration time to the server. So you can not extend cookie expiration time.

Browser will send only cookie name and value to the server. All the other properties like expires, domain, path, httponly can not be accessed once the cookie has been set.

When you assign a Cookie in the response a SetCookie header gets added to the output and that will contain not only the value but also the path and the expires value.

But when the client browser sends the cookie back to the server, it simply includes the cookie name and value only and It does not send path or expires info.

edited Jun 15 '16 at 10:22

answered Jun 15 '16 at 10:16

Rahul Nikate

6,192
5
42
54

If I create a one more cookie with the same name, it will overwrite the existing ? – Jun 15 '16 at 10:25
There is already answer for your question. See this link http://stackoverflow.com/questions/4056306/how-to-handle-multiple-cookies-with-the-same-name – Rahul Nikate Jun 15 '16 at 10:28

How to Extend Cookie expiry in .Net Web API HttpActionContext

2 Answers2