780 questions
not enough information. maybe the site is recycling.
use the browser tools to track the if the cookie is sent.
I keep getting logged out
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 50%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECE%3C/text%3E%3C/svg%3E)
Cerbo Estúdio
1
Reputation point
Hello there.
I have a web application running using .NET 5.0 and Razor pages that keeps logging me out every 1-2 minutes on my production environment. The same app, runinng local doesn't do that.
I have cookies configured on my startup.cs file like this:
services.AddDefaultIdentity<Usuario>(options =>
{
options.SignIn.RequireConfirmedAccount = false;
options.Password.RequiredLength = 8;
options.Password.RequiredUniqueChars = 3;
options.Password.RequireDigit = false;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireUppercase = false;
options.Password.RequireLowercase = false;
})
.AddRoles<IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddRazorPages(options =>
{
options.Conventions.AuthorizeFolder("/Admin");
options.Conventions.AuthorizeFolder("/Fotografo");
});
services.AddAntiforgery(o => o.HeaderName = "XSRF-TOKEN");
services.ConfigureApplicationCookie(options =>
{
options.Cookie.Name = "user_site";
options.LoginPath = "/Login";
options.ExpireTimeSpan = TimeSpan.FromMinutes(60);
options.SlidingExpiration = true;
options.ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
});
And as you can see on the attached image, the cookie is correctly set in the website
The problem happens when I log in in the /Admin folder, then after a few minutes I try to access another page inside the same folder, the app will redirect me to the login page with the page that I tried to access as a ReturnURL parameter. On my local environment this doesn't happen, only on the production. Could you help me to identify why this happens and how could I fix it?
Thank you very much.
Developer technologies | .NET | Entity Framework Core
Developer technologies | ASP.NET | ASP.NET Core
4,827 questions
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous2022-12-19T05:30:01.843+00:00 Hi @Cerbo Estúdio ,
Can you tell us your production environment, whether you are hosting the application on IIS? If you are hosing the application on IIS, it might relate the IIS Idle Time-out property (by default it is 20 minutes) or the AppPool size limit (Refer to this thread).
Sign in to comment
1 answer
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 61%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
Bruce (SqlWork.com) 78,006 Reputation points Volunteer Moderator2022-12-16T21:33:28.917+00:00 -
Cerbo Estúdio 1 Reputation point
2022-12-19T13:03:28+00:00 Thanks for the answer.
What kind of information you think would be relevant to provide here?
Any way of knowing if the site is recycling? The website is hosted in a hosting company so I don't have direct access to things like IIS and such, but I could open a ticket if I knew what to look for.
-
Bruce (SqlWork.com) 78,006 Reputation points Volunteer Moderator
2022-12-19T18:00:59.43+00:00 if the cookie is being sent from the browser when the login fails. then most likely its a recycle (your app crashed and restarted). your logging should detect this. typically on recycle a new encryption key is generated so the old cookie can not be read. you could specify the key storage for protection services (see docs for web farm).
Sign in to comment -