Hello. Faced such a problem: It is necessary to extend the user session to the maximum possible. Here is the code of the class itself with the help of which I am authorizing the user:

public static class AuthenticationExtensions { public const string StringValueType = "http://www.w3.org/2001/XMLSchema#string"; public static void SignIn(this Controller controllerBase, CustomerUserSM user, bool isPersistent = false) { var authenticationManager = controllerBase.HttpContext.GetOwinContext().Authentication; authenticationManager.SignIn(); authenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie); var identity = new ClaimsIdentity(DefaultAuthenticationTypes.ApplicationCookie, ClaimTypes.Name, ClaimTypes.Role); identity.AddClaim(new Claim(ClaimTypes.Name, user.FullName, StringValueType)); identity.AddClaim(new Claim(ClaimTypes.Email, user.Email, StringValueType)); identity.AddClaim(new Claim(ClaimTypes.Role, user.Role, StringValueType)); identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.PKID.ToString())); authenticationManager.SignIn(new AuthenticationProperties { IsPersistent = isPersistent }, identity); } public static void SignOut(this Controller controllerBase) { var authenticationManager = controllerBase.HttpContext.GetOwinContext().Authentication; authenticationManager.SignOut(); } }

I tried to specify in Web.config:

 <authentication mode="Forms"> <forms timeout="99999999"/> </authentication> <sessionState timeout="525500" />

However, this did not help.

  • Session (sessionState) and authentication (forms / identity) are completely different things. sessionState is a browser session, not a user session. - PashaPash

2 answers 2

Register ExpireTimeSpan in CookieAuthenticationOptions :

 public void ConfigureAuth(IAppBuilder app) { app.UseCookieAuthentication(new CookieAuthenticationOptions { ExpireTimeSpan = TimeSpan.FromMinutes(30) // значение побольше }); }

    Thanks, but already solved the problem by changing the time in the following code:

     app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, LoginPath = new PathString("/Account/Login"), Provider = new CookieAuthenticationProvider { // Enables the application to validate the security stamp when the user logs in. // This is a security feature which is used when you change a password or add an external login to your account. OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>( validateInterval: TimeSpan.FromHours(500), regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager)) } });
    • there seems to be two timeouts - validateInterval - how often to check for changes in the password, and ExpireTimeSpan - the lifetime of the cookie itself. - PashaPash
    • Well, it seems like for a couple of days I haven’t logautilo, but I read about ExpireTimeSpan, thank you very much! - Just3f