ASP.NET Core identity cookie not getting removed on browser close

Question

I am using ASP.NET Core Identity. After signing in with with password like this:

Microsoft.AspNetCore.Identity.SignInResult result = await signInManager.PasswordSignInAsync(appUser, login.Password, isPersistent:false, lockoutOnFailure:false);

I remain signed in. If the browser window is closed, I'm trying to get the cookie to be removed.

This is my startup code:

public void ConfigureServices(IServiceCollection services)
{
    services.AddDbContext<AppIdentityDbContext>(options =>
            options.UseMySql(
                Configuration["ConnectionStrings:DefaultConnection"], new MySqlServerVersion(new Version(10, 6, 5))));


    services.AddIdentity<AppUser, IdentityRole>().AddEntityFrameworkStores<AppIdentityDbContext>()
                                                         .AddDefaultTokenProviders();
    services.AddControllersWithViews().AddRazorRuntimeCompilation();

    services.AddScoped<IPatientsRepository, PatientRepository>();
    services.AddScoped<IWebhooksNotificationsRepository, WebhooksNotificationsRepository>();
}

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseAuthentication();
    app.UseRouting();
    app.UseAuthorization();

    app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllerRoute(
                    name: "default",
                    pattern: "{controller=Home}/{action=Index}/{id?}");
            });
}

I set the IsPersistent property for the cookie to false and I expected that it should not persist if the browser window is closed.

When you set `isPersistent` property to false, The sign-in cookie will not persist after the browser is closed. Do you close all the tab? For example, You open this project in chrome, After you log in, When you close browser , Do you close the whole chrome instead of just this asp.net core tab? — Xinran Shen, Nov 08 '22 at 06:36
No i don't close all the tabs, On closing all tabs it redirects but The problem is I lose all Session values on closing application tab, But this cookie remains there. This leads to problems in application. — bezshah, Nov 08 '22 at 07:38
This cookie is a session cookie, When the browser closes it automatically deletes session based cookies (non-persistent cookies), but no cookies are cleared when an individual tab is closed. The server is not notified of tab or browser close events. You can refer to this [issue](https://stackoverflow.com/questions/805895/why-doesnt-closing-a-tab-delete-a-session-cookie) — Xinran Shen, Nov 08 '22 at 08:22

score 0 · Answer 1 · answered Nov 08 '22 at 07:05

0

Be aware that this is up to the browser. And many modern browsers like Chrome and Edge make it more convenient for the user by picking up right where the program left off.

It does this by acting as though the browser was never closed.

answered Nov 08 '22 at 07:05

Jonathan Wood

65,341
71
269
466

The problem is I lose all Session values on closing tabs, But this cookie remains there. This leads to problems in application. – bezshah Nov 08 '22 at 07:41

ASP.NET Core identity cookie not getting removed on browser close

1 Answers1