如何在ServiceStack中提前会话超时

Question

The authentication, repository and caching providers in ServiceStack provide a simple way to add login sessions to a web application with almost no additional code. I have found that the session timeout for an authentication provider can be configured, for example:

new CredentialsAuthProvider { SessionExpiry = TimeSpan.FromMinutes(10) }

This provides an expiry from the point of login. If we are developing a secure system that must log a user out after a short time then we would change this from the default of 2 weeks to something like the example above. But this has the problem that 10 minutes from logging in the user will be kicked out regardless of whether or not they are still interacting with the application.

Is there a simple way to tell the session provider to extend the expiry time when services are called?

Ideally it would allow us to extend the session for specific services/requests (so that the session is only extended when the user actively interacts with the application and therefore polled services can be ignored).

Update

Based on the answer given by mythz we now have a simple solution that provides the level of control we require by extending the ResponseFilterAttribute .

Answer 1

ServiceStack doesn't support "sliding session expiration" automatically yet. You would basically need to reset the session cache entry on every successful request. ie you could have a response filter (since they're only executed for authenticated requests) that re-saves the session that will have the effect of extending it's life-time by the expiry time:

var userSession = httpReq.GetSession();
httpReq.SaveSession(userSession, slidingExpiryTimeSpan);

If you know what caching provider you're using, eg Redis you can manually update the expiry timeout without re-reading the entry, eg:

var sessionKey = SessionFeature.GetSessionKey(httpReq.GetSessionId());
redis.ExpireEntryIn(sessionKey, slidingExpiry); //"urn:iauthsession:{sessionId}"