MVC 5 Identity Automatic Logout

35,539

Its a property in the App_Start\Startup.Auth.cs file:

  app.UseCookieAuthentication(new CookieAuthenticationOptions
  {
      ExpireTimeSpan = TimeSpan.FromMinutes(5),
      AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
      LoginPath = new PathString("/Account/Login")
   });
Share:
35,539
Zapnologica
Author by

Zapnologica

I am an enthusiastic developer indulging in the world of programming. in love with C# .net

Updated on April 10, 2020

Comments

  • Zapnologica
    Zapnologica over 3 years

    How do I implement an Automatic Logout Timer.

    So basically if the user is inactive for x minutes their session is ended?

    I have tried:

    <system.web> 
       <sessionState timeout="1"/>
    </system.web>
    

    But it doesn't seem to work.

    Here is code that is in my startup:

    public void ConfigureAuth(IAppBuilder app)
    {
      // Enable the application to use a cookie to store information for the signed in user
      app.UseCookieAuthentication(new CookieAuthenticationOptions
      {
          AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
          LoginPath = new PathString("/Account/Login")
       });
     }
    

    Which says that I am using cookie Authentication. So i dono what that entails if I can do it or not.

  • Zapnologica
    Zapnologica almost 10 years
    May I ask where do you find information on this? I.e where is it documented? What are all the settings options I have available?
  • Zapnologica
    Zapnologica almost 10 years
    Also is it possible to make the system redirect or show a page saying timed out please login again?
  • Hao Kung
    Hao Kung almost 10 years
    Sure if you have an [Authorize] attribute protecting your action it automatically redirects you to the LoginPath in the options there. Aka it redirects you to the login page.
  • Zapnologica
    Zapnologica almost 10 years
    What I meant is like with internet banking, It must popup saying that your session has expired and you have been automatically logged out. Please login again. I want that to be displayed as the users session is timed out.
  • pwdst
    pwdst almost 10 years
    @Zapnologica - It would be fairly trivial to write this yourself using window.setTimeout in the front end. The main issue you would have is with multiple tabs, so rather than show the warning after the timeout - you'd want to make an Ajax request to the server to verify if the user was still logged on, and show your popup/layover based on that response. If you require more detail, please ask a new question.
  • PretzelSteelersFan
    PretzelSteelersFan over 9 years
    I believe the correct name is ExpireTimeSpan. Might have changed in the update to V2.
  • NoWar
    NoWar about 9 years
    Could you say how do we have configure web.config in that case? Thank you!
  • kat1330
    kat1330 about 9 years
    Hi Kung. I follow your approach but it doesn't work for me. I set ExpireTimeSpan and added [Authorize] but still is user logged wht time expire.
  • Aaron
    Aaron over 7 years
    ExpireTimeSpan is used to dictate how long a "Remember Me" cookie will remember the logged in user, through closing the browser, etc.
  • Ehsan Sajjad
    Ehsan Sajjad over 7 years
    i have used this property, but it seems to be not working, any idea why?
  • Rida Iftikhar
    Rida Iftikhar almost 6 years
    This doesn't work. ExpireTimeSpan is used when you want to expire the user session even if the user is still active. For inactivity first you need to set the SlidingExpiration to true and then add the following code. Provider = new CookieAuthenticationProvider { OnResponseSignIn = context => { context.Properties.AllowRefresh = true; context.Properties.ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(10); } }