0

My ASP.NET Core 1.1.1 app is logging out after about 30 minutes. I'm using some session variables and have installed Microsoft.AspNetCore.Session package and have configured the app as shown below. Have set the session expiration time to 2 hours. From what I've read the Authentication Cookie time by default is 14 days so that should not be an issue. Question: It seems I may be missing something here. What needs to be done to make the app not logout before 2 hours? What are the possible causes and what is a possible solution?

Note: The app is running on IIS 10 on windows 10. The Application Pool for the app is set to Not Managed Code and it's default idle time out is 20 minutes with idle timtout-action set to Terminate. But from what I've heard the IIS Application Pool Idle Time-out Settings play no role in ASP.NET Core.

Startup.cs:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using MyProjName.Data;
using MyProjName.Models;
using MyProjName.Services;

namespace MyProjName
{
    public class Startup
    {
        public Startup(IHostingEnvironment env)
        {
            var builder = new ConfigurationBuilder()
                .SetBasePath(env.ContentRootPath)
                .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
                .AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true);

            if (env.IsDevelopment())
            {
                // For more details on using the user secret store see http://go.microsoft.com/fwlink/?LinkID=532709
                builder.AddUserSecrets<Startup>();
            }

            builder.AddEnvironmentVariables();
            Configuration = builder.Build();
        }

        public IConfigurationRoot Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            var connection = @"Server=MyWin10Machine;Database=MySQL20012Db;User Id=TestUSer;Password=TestPassword";

            services.AddDbContext<MyProjNameContext>(options => options.UseSqlServer(connection));

            // Add framework services.
            services.AddDbContext<ApplicationDbContext>(options =>
                options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));

            services.AddIdentity<ApplicationUser, ApplicationRole>()
                .AddEntityFrameworkStores<ApplicationDbContext>()
                .AddDefaultTokenProviders();

            services.AddMvc();
            services.AddDistributedMemoryCache();
            services.AddSession(options =>
            {
                options.IdleTimeout = TimeSpan.FromHours(2);
                options.CookieHttpOnly = true;
            }); //extended the session timout to 2 hours. Default is 20 minutes

            // Add application services.
            services.AddTransient<IEmailSender, AuthMessageSender>();
            services.AddTransient<ISmsSender, AuthMessageSender>();
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
        {
            loggerFactory.AddConsole(Configuration.GetSection("Logging"));
            loggerFactory.AddDebug();

            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
                app.UseDatabaseErrorPage();
                app.UseBrowserLink();
            }
            else
            {
                app.UseExceptionHandler("/Home/Error");
            }

            app.UseStaticFiles();

            app.UseIdentity();
            app.UseSession(); //must come before app.UseMvc()

            // Add external authentication middleware below. To configure them please see http://go.microsoft.com/fwlink/?LinkID=532715

            app.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller=Home}/{action=Index}/{id?}");
            });
        }
    }
}
nam
  • 21,967
  • 37
  • 158
  • 332
  • @BlakeConnally The link you referred is not relevant here at all. That link is about very old legacy ASP.NET 2.0 - that is way before [ASP.NET Identity](https://www.asp.net/identity) was introduced. – nam Oct 25 '17 at 20:53
  • 1
    @nam You might want to look at [this SO answer](https://stackoverflow.com/a/45699799/296861) – Win Oct 25 '17 at 20:58
  • @Win Thanks. Your solution worked. So it means Application Pool Idle-Timeout settings do play a role in ASP.NET Core deployed to IIS. You may want to convert your comment to a `Response` with some additional comments so others can benefit with it, as well. I'll mark that as an `Answer`. – nam Oct 27 '17 at 00:08

0 Answers0