Question

Setting up my first .net MVC5 project and the login works, but I have noticed the identity persists even overnight if I don't manually log out. I thought the isPersistent flag set to false would prevent this, but that is not the case and I am not finding any documentation telling me how to fix this.

Here is my async method to sign in

private async Task SignInAsync(SdIdentityUser user, bool isPersistent)
{
    AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
    var identity = await UserManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie);
    Session["user"] = user;
    AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = isPersistent }, identity);
}

And here is the call to the method

await SignInAsync(user, isPersistent: false);

And here is my Startup.Auth configuration

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login")
    });
    // Use a cookie to temporarily store information about a user logging in with a third party login provider
    app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
Was it helpful?

Solution

I would delete this question if possible. The answer turned out to be that isPersistent when properly set to false works just fine. My code had a flaw that was causing the flag to be set to true.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top