ASP.NET Identity Session Timeout

About

Asked 19/11, 2014 at 21:52 Answered 20/11, 2014 at 6:16

I use ASP.NET Identity .. I want to set session timeout to unlimited or max value. I've tried something but it doesn't effect. Note: I use shared hosting. Thank you.

//web.config
<system.web>
<customErrors mode="Off" />
<httpRuntime targetFramework="4.5" />
<authentication mode="Forms" />
<sessionState timeout="500000" />
</system.web>

//asp.identiyt config 
public void ConfigureAuth(IAppBuilder app)
{
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        ExpireTimeSpan = TimeSpan.FromDays(365),
        LoginPath = new PathString("/user/login"),
        Provider = new CookieAuthenticationProvider
        {
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser, int>
                (
                     validateInterval: TimeSpan.FromDays(365),
                     regenerateIdentityCallback: (manager, user) => user.GenerateUserIdentityAsync(manager),
                     getUserIdCallback: (id) => (Int32.Parse(id.GetUserId()))
                )
        }
    });
}

Janes answered 19/11, 2014 at 21:52 Comment(3)

Note that Session and the identity login aren't necessarily the same thing. Also; trying to keep sessions "forever" is a really, really bad idea. And pretty much impossible. – Zorazorah 19/11, 2014 at 21:55

okay. i want to one week for example for timeout? – Janes 19/11, 2014 at 22:0

When you login to, for example, YouTube, you say logged in until you explicitly logout. I'm pretty sure some of the people asking variations on this question are asking how to configure their Identity provider to behave in that manner. – Fulllength 4/10, 2023 at 21:52

public void ConfigureAuth(IAppBuilder app)
{            
    var sessionTimeout = 20; // 

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        ExpireTimeSpan = TimeSpan.FromSeconds(30),
    });
}

Herson answered 20/11, 2014 at 6:16 Comment(5)

How does this meet the "unlimited or max value" requirement? – Zorazorah 20/11, 2014 at 14:5

You can't set session time out to unlimited but u can set timeout as per your requirment in web config – Herson 21/11, 2014 at 5:26

"You can't set the session time out to unlimited" That would have been valid and related information to include. What you posted was just another way to try what the OP was already trying, that wasn't doing what they wanted. – Zorazorah 21/11, 2014 at 15:10

this is the best answer, at least as close as one can get to "unlimited". Specifically you set the ExpireTimeSpan to something like the following: ExpireTimeSpan = TimeSpan.FromDays(45) which will allow the cookie to be valid fro 45 days – Catalonia 1/11, 2019 at 22:41

Can we presume the line var sessionTimeout = 20; // was just left in by accident in this example? It's not used in the code. – Fulllength 4/10, 2023 at 21:47

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags