I have created an out-of-the-box Web Forms 4.5.2 project with Individual User Accounts. I cannot get the login timeout to work. I updated the Web.config to set the timeout to 12 mins:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="12" slidingExpiration="true"
requireSSL="true" />
</authentication>
I explicitly set the session timeout to 20 mins, even though I presume this would be the default:
<sessionState mode="InProc" customProvider="DefaultSessionProvider" timeout="20">
It is my understanding that with slidingExpiration set to true that if the time elapsed is greater than half the session time, the timeout resets on a browser refresh. Aside from the slidingExpiration, the timeout just isn't working as I am still logged in when refreshing the browser after 12 minutes.
When this didn't work, I looked at the Startup.Auth.cs file and changed a time interval there to 12 mins also. I presumed this related to the expiration of the cookie:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity =
SecurityStampValidator.OnValidateIdentity<ApplicationUserManager,
ApplicationUser>(validateInterval: TimeSpan.FromMinutes(12),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
I'm using a locally-installed instance of SQL Server 2014:
<add name="DefaultConnection"
connectionString="Server=XXX;Database=abc;user ID=myself;password=myself123"
providerName="System.Data.SqlClient" />
In IIS, session state is set to "In process" and cookie settings as follows:
Still not working. What am I missing?
UPDATE
I added a self-signed cert on my local dev machine, but still couldn't get timeout to work; constantly logged in. Do I have to write specific code to get this functionality? I've only worked with the old membership system up to now and am not very familiar with Owin/Katana/Identity/EF.
