When I activate the OWIN function to log out using security tokens and use the OnValidateIdentity -Callback CookieAuthenticationProvider with the SecurityStampValidator class, the user logs out every time he closes the browser.
provider.OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<MyUserManager, MyUser>( System.TimeSpan.FromSeconds(10),(manager, user) => { return user.GenerateUserIdentityAsync(manager); });
However, when I do the plumbing myself (searching and comparing security stamps, refusal or updating an identifier) ββin the OnValidateIdentity callback, everything seems to work fine.
Is this a known bug or am I missing something? Or is there some good documentation about CookieAuthenticationProvider and using OnValidateIdentity ?
Digging in google shows only some simple patterns, but does not provide further understanding.
Additional Information
- I use my own implementation of UserStorage, which saves all the data in the database
- I noted that each page request calls GetSecurityStampAsync UserStorage twice, if I use my implementation only one call is made.
- Installed Identity Version 2.0.1
source share