Last post Nov 10, 2018 01:49 PM by b.dev
Nov 10, 2018 12:52 PM|b.dev
I configured CookieAuthenticationOptions as below:
    new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        //ExpireTimeSpan = TimeSpan.FromHours(1),
        SlidingExpiration = true,
        Provider = new CookieAuthenticationProvider
        {
            // Enables the application to validate the security stamp when the user logs in.
            // This is a security feature which is used when you change a password or add an external login to your account.
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser, int>(
                regenerateIdentityCallback: (manager, user) => user.GenerateUserIdentityAsync(manager),
                getUserIdCallback: (id) => (id.GetUserId<int>())),
        }
    }
Whenever a user resets his/her password, his login in other browsers will be invalidated and the user should try to log in again. But I don't want the user to log in again in the browser he already changed the password with; only the other browsers' sessions should get invalidated.
Is it possible? Or should I redirect the user to the login page?
Nov 10, 2018 01:47 PM|mgebhard
I'm guessing the problem you are trying to solve is a user that has logged in with two different browsers. If the user updates their password, then all cached auth cookies should be invalidated.
The code shown above checks for invalid auth cookies every minute. Since cookies are browser-instance specific, it only affects the current browser request and should work exactly as you requested.
Is the problem that the user is redirected to the login page after updating the password? If so, just write code within the password update method to log out and log in. Just copy the code from your login
Otherwise, explain the problem you are trying to solve.
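An added example, not code from either poster: one way to keep the current browser signed in after a password change while the security stamp check still rejects the cookies held by other browsers. It assumes the default MVC 5 Identity template types (`ApplicationSignInManager`, `ChangePasswordViewModel` with `OldPassword` and `NewPassword`, and a `ManageController`), none of which appear in the thread.

```csharp
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;

[Authorize]
public class ManageController : Controller
{
    // Assumed: both managers are registered per request in the OWIN context,
    // as the default MVC 5 Identity template does.
    private ApplicationUserManager UserManager =>
        HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();
    private ApplicationSignInManager SignInManager =>
        HttpContext.GetOwinContext().Get<ApplicationSignInManager>();

    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> ChangePassword(ChangePasswordViewModel model)
    {
        if (!ModelState.IsValid) return View(model);

        int userId = User.Identity.GetUserId<int>();

        // ChangePasswordAsync verifies the old password and writes a new
        // security stamp, so every cookie issued before this point fails
        // the next OnValidateIdentity check.
        IdentityResult result = await UserManager.ChangePasswordAsync(
            userId, model.OldPassword, model.NewPassword);
        if (!result.Succeeded)
        {
            foreach (string error in result.Errors)
                ModelState.AddModelError("", error);
            return View(model);
        }

        // Reissue this browser's cookie from the updated user record so it
        // carries the new stamp. Other browsers keep the old stamp and are
        // sent to LoginPath once the validation interval elapses.
        ApplicationUser user = await UserManager.FindByIdAsync(userId);
        if (user != null)
            await SignInManager.SignInAsync(user, isPersistent: false, rememberBrowser: false);

        return RedirectToAction("Index");
    }
}
```

Other browsers stay signed in until their next stamp validation, so the validation interval bounds how long an old session survives a password change.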
Nov 10, 2018 01:49 PM|b.dev
I think redirecting the user from the change password is a better solution.