ASP.NET MVC Session state is used to temporarily store and retrieve the values for a user when the user navigates to another view in an ASP.NET MVC application.
Usually, the session timeout configuration setting will be stored in the web.config file in the MVC application. If you want to increase the session timeout then open your application web.config file which is placed under your application root folder.
Add <sessionState timeout="300"></sessionState> code under <system.web> </system.web> the section as shown below, In this example, I have updated the timeout to 30 min
<system.web>
<sessionState timeout="30"></sessionState>
</system.web>
By default, the ASP.NET MVC session timeout value is 20 minutes.
For automatic Logout from Asp.net Identity when the user is Inactive, you have to use the below code in the Startup.cs file. The login page will be automatically redirected after 30 mins if the user is inactive.
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
SlidingExpiration = true,
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature that is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
Comments (0)