How to set Forms Auth cookie expiration in ASP.NET MVC 5?

StackOverflow https://stackoverflow.com/questions/22999967

  •  01-07-2023
  •  | 
  •  

Question

In the Login method of my AccountController I have the following:

var claims = new List<Claim>();
claims.Add(new Claim(ClaimTypes.Name, model.UserName));
AuthenticationManager.SignIn(
  new AuthenticationProperties { IsPersistent = model.RememberMe,
                                 ExpiresUtc = expiry },
  new ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie));

where expiry is a calculated DateTimeOffset value.

No matter what I set for the expiry value the expiration of the .AspNet.ApplicationCookie is always 14 days.

Is there any way to customize this expiration value?

Is it related to https://katanaproject.codeplex.com/workitem/115 ?

Note that in Startup.Auth.cs I do not have the ExpireTimeSpan property set. When I do set that property its value is respected, and the approach above still does nothing.

Was it helpful?

Solution

This was fixed in this commit on Apr 16, 2014.

    protected override async Task ApplyResponseGrantAsync()
    ...
    DateTimeOffset issuedUtc = Options.SystemClock.UtcNow; 
(-) DateTimeOffset expiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
    context.Properties.IssuedUtc = issuedUtc; 
(-) context.Properties.ExpiresUtc = expiresUtc;
(+) if (!context.Properties.ExpiresUtc.HasValue)
(+) {
(+)     context.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
(+) } 

    Options.Provider.ResponseSignIn(context); 

    if (context.Properties.IsPersistent)
    {
(+)    DateTimeOffset expiresUtc = context.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan);
       cookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime;
    }
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top