Skip to content
This repository has been archived by the owner on Dec 13, 2018. It is now read-only.

Enable both sliding and absolute expiration for cookie authentication #557

Closed
tillig opened this issue Oct 29, 2015 · 2 comments
Closed

Enable both sliding and absolute expiration for cookie authentication #557

tillig opened this issue Oct 29, 2015 · 2 comments
Milestone
Backlog

Comments

@tillig
Copy link

tillig commented Oct 29, 2015

The current Microsoft.Owin.Security.Cookies middleware lets you select from either sliding or absolute expiration. It would be nice to allow for both - a short sliding expiration to handle timing out inactive users, but also an absolute expiration to handle maximum allowed session length before requiring re-authentication.

The only way to handle this currently is outlined in this blog article - modifying the cookie authentication provider to add custom data for the absolute expiration and having it enforced there.

It would be nice to have first-class support for this rather than having to hack it in every time.
@brockallen
Copy link

This would be great to have.

@tillig tillig mentioned this issue Oct 29, 2015
Closed
@Tratcher Tratcher added this to the Backlog milestone Oct 29, 2015
@HaoK HaoK modified the milestones: 1.0.0-rc2, Backlog Nov 12, 2015
@Eilon Eilon added this to the Backlog milestone Nov 20, 2015
@Eilon
Copy link
Member

Eilon commented Mar 29, 2018

Closing this issue because we have no plans to implement this. We recommend using alternative solutions such as the one listed in the blog post linked above.

@Eilon Eilon closed this as completed Mar 29, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
5 participants
@Eilon @brockallen @tillig @Tratcher @HaoK