Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
OpenIdConnect terminates the session in 5 minutes
See original GitHub issueWe have ASP.NET app hosted in Azure, using CookieAuthentication. When user logs in, session stays valid (possibly hours or days, we haven’t measured exactly).
When we add OpenIdConnectAuthentication, the session gets terminated after 5 minutes of inactivity.
It is not necessary to use that OpenIdConnect to login. Even if user has used cookie based login, after 5 minutes of inactivity, the next request gets redirected to RedirectToIdentityProvider notification handler of OpenIdConnect, but at that time, the user session is already gone.
ASP.NET is using version 4.8, Owin libraries have version 4.2.2.
Is there any settings, which would make that session to last longer? Or settings, where OpenIdConnect would not interfere at all with sessions, it does not own?
Issue Analytics
- State:
- Created 8 months ago
- Comments:21 (10 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Hi @Tratcher ,
sorry for the delay, but I have now isolated repro for you on following repository: https://github.com/tomburger/aspnet-auth-sample
Just clone it, open solution in
srcfolder and run it in Visual Studio. It has a login screen and there are four users available, ringo@beat.les, john@…, paul@… and george@…, password “LetItBe” for all four of them. After login there are two pages and you can navigate between them with button. If you wait for 5 minutes and then you click the button, you will be logged out and redirected back to login screen.If you go to file
src\App_Start\Startup.Auth.csand comment out OIDC part (lines 25-79), then logout after 5 minutes is not happening.Please, notice that you are still using cookie authentication, the difference is only the call to
UseOpenIdConnectAuthentication. If you call it, your session is terminated after 5 minutes, if you do not call it, it will stay valid much longer.Feel free to ask more questions, or send me the pull request, if you know how to fix it. We can keep the repo then as a reference for generations to come 😉
Sorry, @Tratcher, for late reply. I have fixed the sample and I can confirm it works. Thanks a lot for your help.