This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 70%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
How to force the web app goes to user/logout when session expired?
my C# codes below only goes to /user/logout when the session was expired if the user triggering something (ie. click a menu or hit refresh)
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.LoginPath = "/User/Login";
options.AccessDeniedPath = "/User/Login";
options.LogoutPath = "/User/Logout";
options.SlidingExpiration = true;
options.ExpireTimeSpan = TimeSpan.FromMinutes(PrimeIoT.SIM.Models.AppSettings.Application.SESSION_TIMEOUT);
});
What is the "session" you mean? There is no relation between the Session so called in the ASP,NET and authentication ticket/cookie issued by the ASP.NEY Identity.
It's very simple. Create a JavaScript timer or use a meta tag that has the same timeout plus a second as the authentication cookie expiration. When the timer runs out, refresh the page.
https://www.w3schools.com/tags/att_meta_http_equiv.asp
https://developer.mozilla.org/en-US/docs/Web/API/setTimeout
Hi @Dondon510 , when the user gets logged out, your browser do not have any clue. One option you have is to use a Javascript timer that runs in the browser. The purpose of the timer is to issue a request and check whether the user is still logged in, you may use the response status code or see the cookie in the response. (Make sure you set SlidingExpiration to false).
Now in the javascript timer method, when you detect the cookie expired, you can redirect the user to the login page.
Hope this helps
Now in the javascript timer method, when you detect the cookie expired, you can redirect the user to the login page.
Expiration of cookie and authentication ticket are not the same. There is no way to know the expiration of authentication ticket by using JavaScript.
From the server you can get these information, right. Now create a page in the server and call this from the ajax call. Based on the response in the ajax call you can redirect the user to the login page.
BTW,
still related to session timeout, is it possible to set no session timeout?, currently I set to long expiry timeout like 999999 but I thought there is a better way to disable the session timeout, please CMIIW
What is the "session" you mean? Do you know that there is no relation between the Session so called in the ASP,NET and authentication ticket/cookie issued by the ASP.NEY Identity.
This is a new question and you want to disable the Session timeout???? What is your use case?
yes, if possible I want to disable the session timeout, the users some times need to do something and go back to the page and it goes to login page after the session timed out.
Simply set the authentication cookie expiration to a value that's acceptable for you application.
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.ExpireTimeSpan = TimeSpan.FromDays(2);
});
Honestly, this post is very confusing because it changed approaches. Anyway, Session and Cookie Authentication are two different APIs as explained above.
The Cookie Authentication middleware is what redirects the browser. You can configure the timeout for both APIs in configuration very easily - read the docs. Otherwise, clearly explain the problem you are trying to solve rather than the solution.