ASP.NET Core Session Timeout

4
votes

I remember we have used session.timeout in ASP.NET to change the session timeout which was 20 minutes if not changed.

I tried to change the session time out in ASP.NET Core 3.1 in Startup.cs but nothing happens. I use Identity for operators and set the Idle Timeout for 5 hours 'I Think' but operators sign out after 1-2 minutes and should re-login hundreds of times for completing an article.

services.AddSession(options =>
{
    options.IdleTimeout = TimeSpan.FromHours(5);
    options.Cookie.HttpOnly = true;
    options.Cookie.IsEssential = true;
});

What am I missing ??

2
asp.netasp.net-coresessionasp.net-identitysession-cookies
Can you provide the rest of your startup file. - jgetner
If you would like to change Identity expiration time, just use this. - Rena
@Mertez; Please mark the answer as an accepted if it was helpful or comment it if-else. - XAMT
@XAMT It didn't solve my problem, My logged in Identity users log off after 2-3 minutes and none of the articles including your answer solved my issue - Mertez
@Mertez; Add a name to your cookie and check it before/after time out. Use EditThisCookie chrome extension and like so to check the cookie. Check Expiration and Session. Session must not have check. - XAMT

2 Answers

0
votes

For using session state in an ASP.NET Core you need to add the session middleware to your pipeline.

important: The order of middleware is the key. Call UseSession between UseRouting and UseEndpoints.

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    app.UseSession();
}

More info : MSDN

0
votes

As you said you are using identity then use the following code in your startup.cs class after services.AddIdentity().

public void ConfigureServices(IServiceCollection services)
    {
        ...

        services.AddAuthentication().AddCookie(o =>
        {
            o.ExpireTimeSpan = TimeSpan.FromHours(5);
        });
    }