stackoom
  简体   繁体   中英

ASP.NET Identity session expires too fast on prod server

 原文  2015-08-24 21:02:43       c#/ asp.net/ session/ access-token/ expired-sessions

Question

After applying this tutorial to my project, on my local host there is no problem however when I deploy to prod server which is on plesk, session expires too fast. Less than 5 minutes probably and it is constantly like this.

As the tutorial uses localStorage instead of cookie, I can not be sure if I should check cookie time out.

Oh the other hand I have this in my Startup.Auth.cs: 

    public void ConfigureAuth(IAppBuilder app)
    {
        //...
        OAuthOptions = new OAuthAuthorizationServerOptions
        { 
            //...
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
        };
    }

How does prod IIS sets timeout and what should I do in my web.config to override this time out?

1 answers

solution1
 2 ACCPTED  2015-08-24 21:14:09

I assume what you mean is that 14 days is not long enough for your production environment? If not you will have to clarify what exactly you mean by 'too fast'.

The easiest way to do it is to add a setting to your web.config. 

<appSettings>
    <add key="cookieExpirationDays" value="30"/>
</appSettings>

And then set it in your method. 

 public void ConfigureAuth(IAppBuilder app) {
    //...
   var daysStr = System.Configuration.ConfigurationManager.AppSettings["cookieExpirationDays"];
   var days = string.IsNullOrEmpty(daysStr) ? 14 : int.Parse(daysStr);
    OAuthOptions = new OAuthAuthorizationServerOptions
    { 
    //...
    AccessTokenExpireTimeSpan = TimeSpan.FromDays(days),
  };
}

EDIT (in response to the OPs edit)

If you are using cookies to persist the authentication token try this (see last line in the initializer). 

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    CookieName = "SecurityCookie",
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Authentication/Login"),
    CookieSecure = CookieSecureOption.SameAsRequest,
    CookieHttpOnly = true,
    AuthenticationMode = AuthenticationMode.Active,
    Provider = cookieProvider, // instance of Microsoft.Owin.Security.Cookies.CookieAuthenticationProvider
    LogoutPath = new PathString("/Authentication/LogOff"),
    SlidingExpiration = true,
    ExpireTimeSpan = TimeSpan.FromDays(days),
});

Edit 2 Added example links

Complete tutorial

General Microsoft Documentation and Help

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question ASP.NET Core Identity session expires sooner than it is configured to happen My user isn't logged out after the session expires using asp.net identity 2.0 ASP.Net 4 Session expires on postback How to set asp.net Identity cookies expires time ASP.NET Core MVC JWT expires too early ASP.NET Forms authentication timeout expires too soon Session expires when generating pdf using itextsharp in asp.net ASP.NET mvc auth or session expires quicker than set How to redirect to the previous page in asp.net after session expires Asp.net Identity Expire Session Cookie
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM