I'm using default ASP.NET MVC authentication. when I published my site on server everything work fine but I logged out after 5 minutes inactivity. In order to resolve this problem of added a machine key to my web.config file. After than the problem of automatically log out increated to about 1 hour instead of 5 minutes, but sometimes (1 or 2 per 20 times) I got This error The anti-forgery cookie token and form field token do not match. What should I do to fix this?
Asked
Active
Viewed 3,432 times
0
Mehdi Rahimi
- 1,453
- 5
- 20
- 31
1 Answers
1
Basically, the problem is that your _RequestVerificationToken cookie does not match the value sent to your controller.
The verification tokens default lifetime is till the end of your session. What you described what you did to increase your sessions lifetime seems not to be the standard way to achieve a longer session time. Have a look here: session timeout
Next thing to consider: The default idle time for a website in IIS is 20 minutes. You can set the value to 0 to have it not going to idle state at all. However, that may only be a problem when you are not sending new requests to the IIS (eG having the page open in background). Have a look here IIS Idle Timeout
Hope this helps.
Ritzelprimpf
- 176
- 1
- 11
-
I add this line to web.config:
but I get error again. Also, I do not have access to the server to change IIS settings. – Mehdi Rahimi Jun 06 '18 at 08:00