How to set TimeOut for OwinContext in MVC 5

Question

When a user access a website and enters their credentials which are stored in our database, we when create an authentication.

How do you set the timeout? Using MVC 5.

My Authentication looks like this:

        var claims = new List<Claim>();
        claims.Add(new Claim("UserId", user.UserID.ToString()));
        claims.Add(new Claim(ClaimTypes.Name, user.FirstName + " " + user.LastName));
        claims.Add(new Claim(ClaimTypes.Email, user.Email));
        claims.Add(new Claim(ClaimTypes.NameIdentifier, user.UserID.ToString()));
        var id = new ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie);

        var ctx = Request.GetOwinContext();
        var authenticationManager = ctx.Authentication;
        authenticationManager.SignIn(id); 

Answer 1

The way to set an fixed expiration time span is to set the ExpireTimeSpan property in your Startup.Auth.cs file like this:

// Enable the application to use a cookie to store information for the signed in user
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    ExpireTimeSpan = TimeSpan.FromDays(2)
});

Note that you'll also have to set the cookie to persist. In your code you'll have to pass in a bool in addition to the username and password, and then change

authenticationManager.SignIn(id); 

to be

authenticationManager.SignIn(new AuthenticationProperties { IsPersistent = rememberMe }, id); 

Answer 2

With the following you do not need to use Startup.cs

AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = true, ExpiresUtc = DateTime.UtcNow.AddHours(1), }, id);