Hello there,
I'm trying to understand SecurityStampValidator Validation Interval in the code below as user keeps telling me that they get logged out.
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
},
});Since the default ASP.NET Identity template only has
validateInterval leaving the ExpireTimespan hidden and set to the default of 14 days.
As per my understanding the Security Stamp is created anytime a password is created/changed or an external login is added/removed. If a user changes their password then the SecurityStamp will be updated. This results in any cookie that might have been issued
previous to the password change to become invalid the next time the
validateInterval occurs.
User is telling me that they get logged out after 30 minutes of inactivity.
Joe