You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Dec 13, 2018. It is now read-only.
The current Microsoft.Owin.Security.Cookies middleware lets you select from either sliding or absolute expiration. It would be nice to allow for both - a short sliding expiration to handle timing out inactive users, but also an absolute expiration to handle maximum allowed session length before requiring re-authentication.
The only way to handle this currently is outlined in this blog article - modifying the cookie authentication provider to add custom data for the absolute expiration and having it enforced there.
It would be nice to have first-class support for this rather than having to hack it in every time.
The text was updated successfully, but these errors were encountered:
Closing this issue because we have no plans to implement this. We recommend using alternative solutions such as the one listed in the blog post linked above.
The current Microsoft.Owin.Security.Cookies middleware lets you select from either sliding or absolute expiration. It would be nice to allow for both - a short sliding expiration to handle timing out inactive users, but also an absolute expiration to handle maximum allowed session length before requiring re-authentication.
The only way to handle this currently is outlined in this blog article - modifying the cookie authentication provider to add custom data for the absolute expiration and having it enforced there.
It would be nice to have first-class support for this rather than having to hack it in every time.
The text was updated successfully, but these errors were encountered: