I’ve been struggling with OWIN cookies for a couple of days now and I’m hoping someone can point me in the right direction.
I want my users to be logged out only when the browser is closed. I’ve tried everything I can think of, but I can’t prevent users from being logged out after 20 minutes.
These are my relevant web.config settings
<system.web><authentication mode="None" /> </system.web><system.webServer><modules><remove name="FormsAuthentication" /></modules></system.webServer>
This is my Startup class.
public partial class Startup
{
public void ConfigureAuth(IAppBuilder app)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/account/login"),
AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active,
CookieSecure = CookieSecureOption.SameAsRequest,
CookieHttpOnly = true,
SlidingExpiration = false,
LogoutPath = new PathString("/account/login")
});
}
}What causes the early expiration?
Can anyone suggest what I'm doing wrong?