Does ASP.NET Core 3.1/5 Identity use sessions for authentication? I know it uses a cookie to store user information on the client machine for subsequent requests, but what I don't understand is this: is the cookie alone enough, or does it also create a session for this authentication cookie on the server?

3 The short answer is _no_. You can customise things to use session, but all the out-of-the-box, typical setup is sessionless. – Kirk Larkin Dec 18 '20 at 13:20
1 Answer
By default, ASP.NET Core Identity is cookie based: the user's identity is stored in a cookie. You could check the following link to configure ASP.NET Core Identity.
Configure ASP.NET Core Identity
Generally, using a cookie is enough. After the browser session is closed (the browser is closed), the cookie is cleared, and if we reopen the website, we have to log in again.
If you want to use session to store the user identity, you could set the CookieAuthenticationOptions.SessionStore property to configure the authentication provider options.
The SessionStore property is an optional container in which to store the identity across requests. When used, only a session identifier is sent to the client. This can be used to mitigate potential problems with very large identities.
For more detailed information about using SessionStore, you can refer to the following articles:

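A sketch of the `SessionStore` option described in the answer above, added here as an example and not taken from the answer or from the ASP.NET Core source. It implements `ITicketStore` over `IMemoryCache` so the cookie carries only an opaque key; the names `MemoryCacheTicketStore`, `TicketStoreSetup` and `AddServerSideTickets` are hypothetical, and it assumes a single application instance.

```csharp
using System;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Caching.Memory;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical store: keeps the full ticket server-side, in process memory.
public sealed class MemoryCacheTicketStore : ITicketStore
{
    private readonly IMemoryCache _cache;
    public MemoryCacheTicketStore(IMemoryCache cache) => _cache = cache;

    public async Task<string> StoreAsync(AuthenticationTicket ticket)
    {
        // The key is the only value placed in the cookie, so it must be unguessable.
        var bytes = new byte[32];
        RandomNumberGenerator.Fill(bytes);
        var key = "AuthTicket-" + Convert.ToBase64String(bytes);
        await RenewAsync(key, ticket);
        return key;
    }

    public Task RenewAsync(string key, AuthenticationTicket ticket)
    {
        // Expire the entry with the ticket; the one-hour fallback is an assumption.
        var options = new MemoryCacheEntryOptions();
        options.AbsoluteExpiration = ticket.Properties.ExpiresUtc ?? DateTimeOffset.UtcNow.AddHours(1);
        _cache.Set(key, ticket, options);
        return Task.CompletedTask;
    }

    // Returns null for an unknown or expired key, which the handler treats as not signed in.
    public Task<AuthenticationTicket> RetrieveAsync(string key) =>
        Task.FromResult(_cache.Get<AuthenticationTicket>(key));

    public Task RemoveAsync(string key) { _cache.Remove(key); return Task.CompletedTask; }
}

public static class TicketStoreSetup
{
    // Call from Startup.ConfigureServices alongside AddIdentity/AddDefaultIdentity.
    public static void AddServerSideTickets(this IServiceCollection services)
    {
        services.AddMemoryCache();
        services.AddSingleton<ITicketStore, MemoryCacheTicketStore>();
        services.AddOptions<CookieAuthenticationOptions>(IdentityConstants.ApplicationScheme)
            .Configure<ITicketStore>((o, store) => o.SessionStore = store);
    }
}
```

With a store configured, sign-out calls `RemoveAsync`, so a copied cookie stops working once its ticket is removed. An in-memory store loses every login on restart and is not shared between instances.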