We added this feature to 2.0, here's how you would configure the CookieMiddleware to get fresh claims every 30 minutes (regenerateIdentity should call into the code that you use to generate the ClaimsIdentity for users when they sign in, and validateInterval controls how often regenerateIdentity is called, but only if the old cookie is still valid)
app.UseCookieAuthentication(new CookieAuthenticationOptions {
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider {
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});