MVC 5 Identity Automatic Logout
35,539
Its a property in the App_Start\Startup.Auth.cs
file:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
ExpireTimeSpan = TimeSpan.FromMinutes(5),
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login")
});
Author by
Zapnologica
I am an enthusiastic developer indulging in the world of programming. in love with C# .net
Updated on April 10, 2020Comments
-
Zapnologica over 3 years
How do I implement an Automatic Logout Timer.
So basically if the user is inactive for x minutes their session is ended?
I have tried:
<system.web> <sessionState timeout="1"/> </system.web>
But it doesn't seem to work.
Here is code that is in my startup:
public void ConfigureAuth(IAppBuilder app) { // Enable the application to use a cookie to store information for the signed in user app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, LoginPath = new PathString("/Account/Login") }); }
Which says that I am using cookie Authentication. So i dono what that entails if I can do it or not.
-
Zapnologica almost 10 yearsMay I ask where do you find information on this? I.e where is it documented? What are all the settings options I have available?
-
Zapnologica almost 10 yearsAlso is it possible to make the system redirect or show a page saying timed out please login again?
-
Hao Kung almost 10 yearsSure if you have an [Authorize] attribute protecting your action it automatically redirects you to the LoginPath in the options there. Aka it redirects you to the login page.
-
Zapnologica almost 10 yearsWhat I meant is like with internet banking, It must popup saying that your session has expired and you have been automatically logged out. Please login again. I want that to be displayed as the users session is timed out.
-
pwdst almost 10 years@Zapnologica - It would be fairly trivial to write this yourself using window.setTimeout in the front end. The main issue you would have is with multiple tabs, so rather than show the warning after the timeout - you'd want to make an Ajax request to the server to verify if the user was still logged on, and show your popup/layover based on that response. If you require more detail, please ask a new question.
-
PretzelSteelersFan over 9 yearsI believe the correct name is ExpireTimeSpan. Might have changed in the update to V2.
-
NoWar about 9 yearsCould you say how do we have configure web.config in that case? Thank you!
-
kat1330 about 9 yearsHi Kung. I follow your approach but it doesn't work for me. I set ExpireTimeSpan and added [Authorize] but still is user logged wht time expire.
-
Aaron over 7 yearsExpireTimeSpan is used to dictate how long a "Remember Me" cookie will remember the logged in user, through closing the browser, etc.
-
Ehsan Sajjad over 7 yearsi have used this property, but it seems to be not working, any idea why?
-
Rida Iftikhar almost 6 yearsThis doesn't work.
ExpireTimeSpan
is used when you want to expire the user session even if the user is still active. For inactivity first you need to set theSlidingExpiration
to true and then add the following code.Provider = new CookieAuthenticationProvider { OnResponseSignIn = context => { context.Properties.AllowRefresh = true; context.Properties.ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(10); } }