Last post Apr 24, 2015 01:26 PM by tonye755
Apr 23, 2015 09:06 AM|tonye755|LINK
I'm using Asp.net Identity 2.2.1. I'm giving the user a cookie that expires in 14 days, but it seems there are many reasons a user could get logged out of my site. The CookieAuthenticationProvider's OnValidateIdentity method is still causing me problems
logging my users out, I've heard there's a session state expiration, and then there's my app pool's idle timeout that will end all user sessions, etc... What I'm wondering now is what is the point of a 14 day cookie, which is the default, if the defaults for
expiring sessions and app pools are more like 20 minutes?
My goal here is to let users stay logged in for several days or maybe even 2 weeks much the way my Facebook or e-mail account works for me. Yet, it seems the session expiration is the end all for the user being logged in despite the cookie. Is there any
way to log the user back in just from their cookie?... or do I really need to setup my server up so that the app pool is maintained (idle timeout) for several days just to ensure my users stay logged in for several days? There must be a way to take advantage
of the app pools idle timeout feature while still keeping users logged in, or somehow re-logging in the user seamlessly. What am I missing here?
Apr 24, 2015 05:26 AM|Archer Wang|LINK
Thank you for your post. Form your post, it seems that CookieAuthenticationProvider.OnValidateIdentity doesn't work. Here is a similar case for you refer, please check the below link.
Besides, how do you use Session, and have you set the timeout of session ? About re-login a user from a cookie, I suggest that you could store the user's information at its cookie. when user accesses your website, check the cookie whether it has value and it
Here is an example about how to auto login when a user choose remember me, I suggest that you could refer to it.
By the way, here is a similar case about use Form Authentication to auto login.
Hope this could be helpful to you.
Apr 24, 2015 01:26 PM|tonye755|LINK
These links seem to refer to the old way using forms authentication. I am using the newest templates with Asp.net Identity 2.2.1. Not the example and replies here:
http://forums.asp.net/t/2046899.aspx?ASP+NET+Identity+Remember+Me which show the OnValidateIdentity issue as well as the code I'm using from the template to setup cookie authentication.
I haven't set a sessionstate expiration in my web.config but it's one of the things I've read about that can expire a users session. I don't think it's my problem but is part of a larger question about why session overrules cookie persistence.