c# - User gets logged out with 'Remember me' -

- April 15, 2014

i seem have trouble understanding way identity 2.0 , cookies work. asp.net mvc 5.

what want: if user logs in , checks checkbox 'remember me', don't want him logged out ever.. happens is: user gets logged out after timespan.

the 'remember me' functionality works if user closes browser before timespan. (when reopens website, he's still logged in.)

this code have signing in:

 public async task<actionresult> login(loginviewmodel model, string returnurl)  {       if (!modelstate.isvalid)       {            return view(model);       }        // require user have confirmed email before can log on.       var user = await usermanager.findbynameasync(model.email);       if (user != null)       {            if (!await usermanager.isemailconfirmedasync(user.id))            {                 await sendemailconfirmationtokenasync(user.id);                  modelstate.addmodelerror("", "gelieve eerst je e-mailadres te bevestigen.");                 return view(model);             }       }        // doesn't count login failures towards account lockout       // enable password failures trigger account lockout, change shouldlockout: true       var result = await signinmanager.passwordsigninasync(model.email, model.password, model.rememberme, shouldlockout: true);       switch (result)       {            case signinstatus.success:                 return redirecttolocal(returnurl);            case signinstatus.lockedout:                 return view("lockout");            case signinstatus.failure:            default:                 modelstate.addmodelerror("", "ongeldige aanmeldpoging.");                 return view(model);       }  }

and code in startup.auth:

 app.usecookieauthentication(new cookieauthenticationoptions  {       authenticationtype = defaultauthenticationtypes.applicationcookie,       loginpath = new pathstring("/account/login"),       expiretimespan = timespan.fromminutes(5),       provider = new cookieauthenticationprovider       {            // enables application validate security stamp when user logs in.            // security feature used when change password or add external login account.             onvalidateidentity = securitystampvalidator.onvalidateidentity<applicationusermanager, applicationuser, int>(                 validateinterval: timespan.fromminutes(10),                 regenerateidentitycallback: (manager, user) => user.generateuseridentityasync(manager),                 getuseridcallback: (id) => (id.getuserid<int>()))       }  });

so expect user not logged out after 5 minutes, because ispersistent flag set in passwordsigninasync function.

thanx help.

this known bug.

it can fixed replacing securitystampvalidator.onvalidateidentity own code - when cookie re-generated, forgets add "rememberme" property in new cookie , makes new cookie not persistent.

i think has been resolved in v2.2, version not out production yet. , sadly can't find original bug-report now.

Search This Blog

WINAPI

c# - User gets logged out with 'Remember me' -

Comments

Post a Comment

Popular posts from this blog

c++ - OpenMP unpredictable overhead -

ruby on rails - RuntimeError: Circular dependency detected while autoloading constant - ActiveAdmin.register Role -

javascript - Wordpress slider, not displayed 100% width -