MVC 5 Identity Automatic Logout

About

Asked 6/2, 2014 at 13:13 Answered 6/2, 2014 at 19:50

Solved asp.net-mvc asp.net-mvc-5 asp.net-identity owin asp.net-authentication

How do I implement an Automatic Logout Timer.

So basically if the user is inactive for x minutes their session is ended?

I have tried:

<system.web> 
   <sessionState timeout="1"/>
</system.web>

But it doesn't seem to work.

Here is code that is in my startup:

public void ConfigureAuth(IAppBuilder app)
{
  // Enable the application to use a cookie to store information for the signed in user
  app.UseCookieAuthentication(new CookieAuthenticationOptions
  {
      AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
      LoginPath = new PathString("/Account/Login")
   });
 }

Which says that I am using cookie Authentication. So i dono what that entails if I can do it or not.

Propaganda answered 6/2, 2014 at 13:13 Comment(0)

Its a property in the App_Start\Startup.Auth.cs file:

  app.UseCookieAuthentication(new CookieAuthenticationOptions
  {
      ExpireTimeSpan = TimeSpan.FromMinutes(5),
      AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
      LoginPath = new PathString("/Account/Login")
   });

Agony answered 6/2, 2014 at 19:50 Comment(11)

May I ask where do you find information on this? I.e where is it documented? What are all the settings options I have available? – Propaganda 7/2, 2014 at 6:53

Also is it possible to make the system redirect or show a page saying timed out please login again? – Propaganda 7/2, 2014 at 8:27

Sure if you have an [Authorize] attribute protecting your action it automatically redirects you to the LoginPath in the options there. Aka it redirects you to the login page. – Agony 7/2, 2014 at 19:5

What I meant is like with internet banking, It must popup saying that your session has expired and you have been automatically logged out. Please login again. I want that to be displayed as the users session is timed out. – Propaganda 10/2, 2014 at 7:31

@Propaganda - It would be fairly trivial to write this yourself using window.setTimeout in the front end. The main issue you would have is with multiple tabs, so rather than show the warning after the timeout - you'd want to make an Ajax request to the server to verify if the user was still logged on, and show your popup/layover based on that response. If you require more detail, please ask a new question. – Semicolon 11/2, 2014 at 11:52

I believe the correct name is ExpireTimeSpan. Might have changed in the update to V2. – Cissiee 8/4, 2014 at 15:40

Could you say how do we have configure web.config in that case? Thank you! – Uneducated 17/10, 2014 at 18:14

Hi Kung. I follow your approach but it doesn't work for me. I set ExpireTimeSpan and added [Authorize] but still is user logged wht time expire. – Sherr 28/10, 2014 at 20:12

ExpireTimeSpan is used to dictate how long a "Remember Me" cookie will remember the logged in user, through closing the browser, etc. – Gilboa 9/6, 2016 at 17:35

i have used this property, but it seems to be not working, any idea why? – Griqua 15/6, 2016 at 1:56

This doesn't work. ExpireTimeSpan is used when you want to expire the user session even if the user is still active. For inactivity first you need to set the SlidingExpiration to true and then add the following code.

Provider = new CookieAuthenticationProvider                 {                     OnResponseSignIn = context =>                     {                         context.Properties.AllowRefresh = true;                         context.Properties.ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(10);                     }                 }

– Saphead 6/12, 2017 at 6:12

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags