IsPersistent does not work - Cookie is valid only for the current session

Question

IsPersistent does not work - Cookie is valid only for the current session

I have an ASP.NET MVC 5 application that uses ASP.NET Identity 2.1.0 to authenticate users.
Everything worked fine in the past, but now I found out that persistent user sessions no longer work. I can’t say what change violated this, but it worked when I implemented Identity (converted the application from SimpleMembership ), and this is my logic that I have at the moment:

 var result = await SignInManager.PasswordSignInAsync(model.UserName, model.Password, model.RememberMe, shouldLockout: true);

SignInManager is my ApplicationSignInManager based on SignInManager<ApplicationUser, int> and model.RememberMe is true .

And my setup is:

 app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create); app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, LoginPath = new PathString("/Account/Login"), Provider = new CookieAuthenticationProvider { OnValidateIdentity = ApplicationCookieIdentityValidator.OnValidateIdentity( validateInterval: TimeSpan.FromMinutes(0), regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager)) } }); app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5)); app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie); app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

Everything works fine except save user sessions. I checked the cookies returned by my server and .AspNet.ApplicationCookie always returns as "valid for the current session" instead of any date in the future. So when I close and reopen the browser, I need to log in again ...

Does anyone have an idea why this is not working (anymore)?

PS: I redefined SignInAsync in my ApplicationSignInManager because there is some kind of user logic there, but I even checked with the debugger for the following call:

 await base.SignInAsync(user, isPersistent, rememberBrowser);

isPersistent is true , so it should create a persisten cookie.

+7

c # asp.net-mvc asp.net-mvc-5 asp.net-identity asp.net-identity-2

Chrfin Sep 08 '14 at 19:26

source share

2 answers

Updating both AspNet.Identity.Core and AspNet.Identity.Owin to version 2.2.1 should solve this problem.

+1

Mr. Flibble 25 sept. '16 at 11:33

source share

trailmax · Accepted Answer · 2014-09-08T21:26:57+0000

This is a known bug in Identity and looking at this answer is not new.

When a cookie is regenerated for each request, the IsPersisted flag is not set, even if it was set in the original cookie.

To get around this, you will need to implement your own version of the cookie validator, which will set the flag as is.

I think I have a solution for you, but I have not compiled and tested it, just just the general direction you need to go. See This gist for full code .
This is just the SecurityStampValidator code taken from the decompiler. I added the added lines 91-96 . Basically, I take the "IsPersistent" flag from the previous cookie and add it to the new cookie when it is created. This was not done in the unmodified version.

And then in your Auth.Config you will do:

 Provider = new CookieAuthenticationProvider { OnValidateIdentity = MySecurityStampValidator.OnValidateIdentity( validateInterval: TimeSpan.FromMinutes(0), regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager)) }

Beware, however, when the new version is missing, check to see if it is fixed, so you can remove the dirty fix. This issue reported a fix , but shortly after v2.1 came out.

IsPersistent does not work - Cookie is valid only for the current session

More articles: