
Timeout MVC website after period of inactivity

I'm trying to timeout my MVC site after a period of inactivity.

I've tried numerous things but none seem to work. I've tried the following:

Using the CookieAuthenticationOptions class:

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        ExpireTimeSpan = TimeSpan.FromMinutes(1),
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/xxx")
    });

Using the forms authentication element in the web.config:

    <authentication mode="Forms">
        <forms loginUrl="~/xxxx" timeout="1"/>
    </authentication>

and also using the sessionState within the config file:

<sessionState timeout="1"/>

But none of these seem to work.

What am I missing and which is the best approach?

First, you're conflating two concepts here: session timeout and authentication timeout. In other words, there's no such thing as a "website timeout"; you need to figure out what you're actually trying to control here. Next, session timeouts are sliding, so as long as the user is actively using the website, their session will never time out. Authentication timeouts are absolute, though, so after the specified time has passed, the user will be logged out, regardless of whether they are actively using the site or not.

As far as authentication timeouts go, you're actually conflating two concepts here as well: Identity and Membership (forms authentication). The first bit of code you have is how the authentication timeout is controlled in ASP.NET Identity, while the second piece of code is how you control that with ASP.NET Membership. The two are mutually exclusive and obviously need to match with the actual authentication mechanism your project is utilizing.
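
For a project that uses ASP.NET Identity, the following added example (not code from the question or the answer) shows the OWIN cookie settings that decide whether the authentication timeout slides with activity or is absolute. The 15-minute limit and the login path are assumed values.

```csharp
using System;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup
{
    // Assumed value for illustration; use the limit your policy requires.
    private static readonly TimeSpan AuthLimit = TimeSpan.FromMinutes(15);

    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"), // assumed path

            // Lifetime written into each authentication ticket.
            ExpireTimeSpan = AuthLimit,

            // true:  the middleware re-issues the cookie with a fresh expiry when
            //        a request arrives more than halfway through the window, so
            //        sign-out follows between AuthLimit/2 and AuthLimit of
            //        inactivity (an idle timeout).
            // false: the ticket expires AuthLimit after sign-in regardless of
            //        activity (an absolute timeout).
            SlidingExpiration = true
        });
    }
}

// With Identity, forms authentication must not also be active. The matching
// web.config has <authentication mode="None" /> under <system.web> and
// <remove name="FormsAuthentication" /> under <system.webServer>/<modules>,
// so a <forms timeout="..."> value has no effect on this cookie.
// <sessionState timeout="..."> only controls how long Session data is kept;
// it does not sign the user out.
```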
