How IsPersistent works in OWIN Cookie authentication
Solution 1
Persistent cookies will be saved as files in the browser folders until they either expire or manually deleted. This will cause the cookie to persist even if you close the browser.
If IsPersistent is set to false, the browser will acquire session cookie which gets cleared when the browser is closed.
Now the reason session cookie wont clear after restarting the browser is because of chrome default settings. To fix it go to chrome settings -> advanced, and uncheck Continue running background apps when Google Chrome is closed under System section.
Solution 2
public void Configuration(IAppBuilder app)
{
//Some Code
app.UseCookieAuthentication(GetCookieAuthenticationOptions());
//Some Code
}
private static CookieAuthenticationOptions GetCookieAuthenticationOptions()
{
var options = new CookieAuthenticationOptions();
{
CookieName = "AuthCookie", //Some cookie settings here
};
var provider = (CookieAuthenticationProvider)options.Provider;
provider.OnResponseSignIn = (context) =>
{
context.Properties.IsPersistent = true;
context.Properties.ExpiresUtc = DateTimeOffset.UtcNow.AddHours(24);
};
return options;
}
Related videos on Youtube
Comments
-
cuongle almost 2 years
It seems I don't understand clearly how
IsPersistent
in OWIN cookie authentication works, the code below is to useIsPersistent
:var context = Request.GetOwinContext(); var authManager = context.Authentication; var properties = new AuthenticationProperties { IsPersistent = isPersistence }; authManager.SignIn(properties, identity);
I don't see the difference when user checks/unchecks
Remember me
(usesIsPersistent
behind) because if I close Chrome browser and open it again to go with the website, the cookie.AspNet.ApplicationCookie
is still there and it lets me in even I check or uncheckRemember me
.I have checked the definition of
IsPersistent
on the link:Gets or sets whether the authentication session is persisted across multiple requests.
But don't get much understanding since I see it still works.
The code to setup OWIN cookie authentication:
app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationMode = AuthenticationMode.Active, AuthenticationType = ApplicationTypes.ApplicationCookie, ExpireTimeSpan = TimeSpan.FromMinutes(30), LoginPath = new PathString("/Account/LogOn") });
-
cuongle over 8 yearsAwesome answer, this is the first time I know this setting, thanks a lot
-
PBMe_HikeIt about 8 yearsActually there is another Chrome setting that will impact whether browser clears cookie. It is "continue where you left off" Good answer at ths SO Post If set then cookie is not cleared
-
Ella S. over 5 yearsNot working for core. There is no CookieAuthenticationProvider in Core Library.
-
PillowMetal about 4 yearsAs of this date, and under .net core 3.1, "continue running in background" had no influence in my testing. What DID have an effect is "continue where you left off" Since I wanted to ensure the user was always logged out, I placed the following code in the initial controller executed at startup: public async Task<IActionResult> IndexAsync() { if (_signInManager.IsSignedIn(HttpContext.User)) { await _signInManager.SignOutAsync(); return RedirectToAction(); } return View(); }
-
Alexander Mihailov over 3 yearsAs of 28.10.2020 MVC 5.2 asp.net 4 both options Continue running ... and Continue where ...do not have any effect on the cookie - it persists between tab/browser closes
-
Patrick about 2 yearsSaved my day. was trying to do it with OnValidateIdentity first but it didn't work. Thank you!