search

aspnet / AspNetKatana

Microsoft's OWIN implementation, the Katana project
Apache License 2.0
963 stars 332 forks source link

Setting cookie expiration for OpenIdConnectAuthentication #345

Closed deastr closed 4 years ago

deastr commented 4 years ago

Hi. I'm trying to set an expiration date for OIDC cookie. I tried to set AuthenticationTicket.ExpiresUtc in Notifications.SecurityTokenValidated but the .AspNet.Cookies cookie expiration time is still "Session" in browser. Is there a way to do this?

app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
                CookieHttpOnly = true
            });

var oidcOptions = new OpenIdConnectAuthenticationOptions
            {
                UseTokenLifetime = false,
                ..
                SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    SecurityTokenReceived = n =>
                    {
                        n.AuthenticationTicket.Properties.ExpiresUtc = System.DateTimeOffset.UtcNow.AddMinutes(30);
                        return Task.FromResult(0);
                    }
            };

I'm using ASP.NET MVC .NET 4.5.2, Owin 4.0.1

deastr commented 4 years ago

Apparently you also need to add n.AuthenticationTicket.Properties.IsPersistent = true;