- ABP Framework version: v4.1.2
- UI type: Angular
- DB provider: EF Core
- Identity Server Separated (Angular): yes
- Exception message and stack trace:
- Steps to reproduce the issue:"
Hi, this is the case that I have encountered: I login to the browser and kept it open while the computer was put to sleep mode and I could still access without logging in the day after. I have set AbsoluteRefreshTokenLifetime=1800 (30 minutes), Is there a way to force logout in that case?
10 Answer(s)
-
0
hi annguyentps
Would it still happen if the computer was not sleeping?
set
AccessTokenLifetime
andAbsoluteRefreshTokenLifetime
to 1 minute and retry. -
0
Hi maliming
Yes, it still happen if the computer was not sleeping. I have a feeling I'll never be logged out if I still open browser. If I close browser and waiting for timeout then reopen the browser, I get the login page. I had set AccessTokenLifetime and AbsoluteRefreshTokenLifetime to 1 minute. I see the refresh token api in the network, one of them fails with invalid_grant (so can not get new token), then a few second some api get error, then I refresh the page (press f5) and I can still access to the system without logout.
I also tried setting expire time for cookies, but it not work .AddCookie("Cookies", options => { options.ExpireTimeSpan = TimeSpan.FromMinutes(1); options.SlidingExpiration = true; });
-
0
hi
I will check this.
-
0
Hi @annguyentps
The problem has already fixed. You should upgrade your solution to the v.4.4.0. Please refer to Upgrading the ABP Framework document.
-
0
Thanks Mehmet I will upgrade my solution, will let you know the result later.
-
0
-
0
Hi,
We are working to redirect the user to the login page when the token expires. We are having some issues with the authorization code flow. We'll let you know when the issue is resolved.
Thanks!
-
0
This question has been automatically marked as stale because it has not had recent activity.
-
0
Hi @Mehmet, Do you have any updates for this, or is there a new version that has addressed this?
-
0
Hi,
It will probably be resolved in v5.0. Thanks for your understanding.