I have an ASP.NET Core 2.1 web app running on .NET 4.6.1.
When setting the ValidationInterval to 0 (for debugging purposes) I noticed that I am logged out straight away.
services.Configure<SecurityStampValidatorOptions>(options =>
{
    options.ValidationInterval = TimeSpan.Zero;
});
It's my understanding that the cookie and the security stamp should be used to re-validate and keep me logged in. At the moment my SecurityStamp implementation just returns the same UserId every time so we should always stay logged in.
All relevant .NET code can be found on GitHub Gist.
A related problem also exists which I believe is to do with the SecurityStamp. If the user does not want to be remembered (isPersistent = false) then the user will actually be remembered for the duration of the ValidationInterval across all new and existing browser windows.