You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Dec 20, 2018. It is now read-only.
This is more of a question but its not enough of a question that i could post it up on stack overflow without risking it just getting closed as primary opinion based or to broad. So i am going to put it here in hopes of getting an answer.
The issue is the understanding of how remember me is supposed to work. My problem is that its not doing what we would expect it to do.
Management expects when a user logs in and clicks remember me that they will then not be required to type their login and password again for a month. Whether or not they will still have to type in the 2fa code is up for debate.
What is actually happening is that i can close the browser reboot and come back for about an hour and 15 minutes and then i will be forced to type my password again. This still happens even with a valid .AspNetCore.Identity.Application cookie set that is not due to expire for another month.
After digging around in the code i found that Remember me is actually isPersistent and it is defined as.
Flag indicating whether the sign-in cookie should persist after the browser is closed.
Which brings you to:
There are two different types of Cookies:
session cookies, held in memory, and which expire once the browser exits
persistent cookies, which have a time-to-live, are persisted on disk, and are sent by the browser until their time-to-live has elapsed.
All this being said remember machine 2fa works as expected i am not prompted again for the 2fa and i have a cookie on my machine Identity.TwoFactorRememberMe.
So I guess my question is why are we not getting a Identity.FactorRememberMe or why isn't sign in respecting a long life time of the AspNetCore.Identity.Application cookie?
How is this supposed to work exactly? I am following the code here even though we have normal MVC and not razor pages like you have in the example. I am still just calling
var signInUserResult = await _signInManager.PasswordSignInAsync(userName, password, rememberMe, true);
Note: I am using Asp .net Identity in Identity server 4 application.
The text was updated successfully, but these errors were encountered:
This is more of a question but its not enough of a question that i could post it up on stack overflow without risking it just getting closed as primary opinion based or to broad. So i am going to put it here in hopes of getting an answer.
The issue is the understanding of how remember me is supposed to work. My problem is that its not doing what we would expect it to do.
Management expects when a user logs in and clicks remember me that they will then not be required to type their login and password again for a month. Whether or not they will still have to type in the 2fa code is up for debate.
What is actually happening is that i can close the browser reboot and come back for about an hour and 15 minutes and then i will be forced to type my password again. This still happens even with a valid
.AspNetCore.Identity.Application
cookie set that is not due to expire for another month.After digging around in the code i found that Remember me is actually isPersistent and it is defined as.
Which brings you to:
There are two different types of Cookies:
All this being said remember machine 2fa works as expected i am not prompted again for the 2fa and i have a cookie on my machine
Identity.TwoFactorRememberMe
.So I guess my question is why are we not getting a
Identity.FactorRememberMe
or why isn't sign in respecting a long life time of theAspNetCore.Identity.Application
cookie?How is this supposed to work exactly? I am following the code here even though we have normal MVC and not razor pages like you have in the example. I am still just calling
Note: I am using Asp .net Identity in Identity server 4 application.
The text was updated successfully, but these errors were encountered: