This repository has been archived by the owner on Dec 20, 2018. It is now read-only.
Remember me isPersistent understanding #2079
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
This is more of a question but its not enough of a question that i could post it up on stack overflow without risking it just getting closed as primary opinion based or to broad. So i am going to put it here in hopes of getting an answer.
The issue is the understanding of how remember me is supposed to work. My problem is that its not doing what we would expect it to do.
Management expects when a user logs in and clicks remember me that they will then not be required to type their login and password again for a month. Whether or not they will still have to type in the 2fa code is up for debate.
What is actually happening is that i can close the browser reboot and come back for about an hour and 15 minutes and then i will be forced to type my password again. This still happens even with a valid
.AspNetCore.Identity.Applicationcookie set that is not due to expire for another month.After digging around in the code i found that Remember me is actually isPersistent and it is defined as.
Which brings you to:
There are two different types of Cookies:
All this being said remember machine 2fa works as expected i am not prompted again for the 2fa and i have a cookie on my machine
Identity.TwoFactorRememberMe.So I guess my question is why are we not getting a
Identity.FactorRememberMeor why isn't sign in respecting a long life time of theAspNetCore.Identity.Applicationcookie?How is this supposed to work exactly? I am following the code here even though we have normal MVC and not razor pages like you have in the example. I am still just calling
Note: I am using Asp .net Identity in Identity server 4 application.
The text was updated successfully, but these errors were encountered: