Antiforgery token: how to change expiration time

Question

I'm trying to add a token to a razor view which is being sent through an HTTP header (I'm following the docs). Unfortunately, the default expiration timeout is different from the login session (120 mins vs 20, if I'm not mistaken).

So, is there a way to change the expiration time of the token? The options passed to the AAddAntiforgery method will let me setup the cookie lifetime, but what about the token? Do I need to change the session timeout?

Thanks

You can refer to this [thread](https://stackoverflow.com/a/15933707/11965297) — mj1313, Sep 11 '20 at 06:33

score 0 · Answer 1 · answered Sep 11 '20 at 09:11

0

After some digging, I've found the answer on the official MS docs. Besides settting the Load User Profile option to true, it's also required to make sure that the setProfileEnvironment is enabled (by default, it was set to false in the app pool default template on my Windows 10 dev machine).

answered Sep 11 '20 at 09:11

Luis Abreu

4,008
9
34
63

Your shared document doesn't explain anything, which document you are referring to? – Md Farid Uddin Kiron Apr 25 '22 at 05:22
Seems like it stopped working. Here's another: https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/host-and-deploy/iis/advanced.md – Luis Abreu Apr 26 '22 at 10:08

Antiforgery token: how to change expiration time

1 Answers1