Why doesn't cookie ExpireTimeSpan setting work?

Asked 27/2, 2018 at 15:30 Answered 2/11, 2022 at 16:5

Solved c#asp.net-core asp.net-core-mvc aspnetboilerplate asp.net-core-identity

I used:

services.AddAuthenticationCore().ConfigureApplicationCookie(o =>
{
    o.ExpireTimeSpan = TimeSpan.FromHours(1);
    o.SlidingExpiration = true;
});

to set my authentication cookie ExpireTimeSpan in Startup.cs in ASP.NET Core MVC project.

I can see that the cookie expire-time has been set correctly in the web browser after login, but it auto logout after 30 minutes every time, even if I refresh the website every 10 seconds.

If I set the ExpireTimeSpan less than 30 minutes, it can timeout correctly, but expire-time cannot be refreshed.

Why is it 30 minutes? Where can I change the 30 minutes timeout setting? Or is it set in IIS?

Pictograph answered 27/2, 2018 at 15:30 Comment(4)

You mean ASP.NET Core, right? – Norther 27/2, 2018 at 15:53

Are you calling before or after IdentityRegistrar.Register(services);? – Norther 27/2, 2018 at 16:3

Yes,it is Asp.net Core,and I calling before IdentityRegistrar.Register(services); – Pictograph 28/2, 2018 at 1:33

wasn't the sliding expiration the issue? – Lilas 19/11, 2022 at 4:35

Why is it 30 minutes?

It's the default of ASP.NET Core Identity.

Where can I change the 30 minutes timeout setting? Or is it set in IIS?

No. Call ConfigureApplicationCookie after IdentityRegistrar.Register:

public IServiceProvider ConfigureServices(IServiceCollection services)
{
    // ...

    IdentityRegistrar.Register(services);                  // No change
    AuthConfigurer.Configure(services, _appConfiguration); // No change

    services.ConfigureApplicationCookie(o =>
    {
        o.ExpireTimeSpan = TimeSpan.FromHours(1);
        o.SlidingExpiration = true;
    });

    // ...
}

"If you define it before the services.AddIdentity, your custom values will be overwritten."

https://github.com/aspnet/Identity/issues/1389#issuecomment-324257591

Norther answered 28/2, 2018 at 1:58 Comment(3)

Use set options.ValidationInterval solve my problem，I think it maybe didn't pass the validity-check of the cookie。 – Pictograph 28/2, 2018 at 5:4

Sorry for asking here, but I have exactly the same problem in ASP.NET MVC Standard, I can decrease the expire time but I'm not able to increase it, Do you have any idea? – Mononucleosis 16/12, 2021 at 21:18

this was the only one that worked in identityserver4 +1 – Ravin 6/10, 2022 at 21:5

I know this is an old post but I'm posting this here because it took me ages to find a solution and this post came up a lot in my searches, see my answer here: https://mcmap.net/q/463440/-cookieauthenticationoptions-expiretimespan-does-not-work

Ballata answered 2/11, 2022 at 16:5 Comment(0)

Recommended topics

Hot tags