Reducing the Remember Me time #5231 | Support

ed_developer2 created one year ago

Hello, I am trying to reduce duration for which website remembers a user. Currently its set for ever we want to limit it to 1 hour, how can we do it. We tried this approach but didn't work. We tried to configure the authentication cookie in our host module. context.Services.ConfigureApplicationCookie(options => { options.ExpireTimeSpan = TimeSpan.FromSeconds(120); // Set the expiration time to 5 minutes options.SlidingExpiration = false; }); Can you please help me with this.

30 Answer(s)

0

maliming created one year ago
Support Team Fullstack Developer

hi

What's your client? MVC or Blazor or Angular?

ConfigureApplicationCookie only works for MVC(AuthServer) side.
0

ed_developer2 created one year ago

Hello maliming, We have angular integration on frontend. but as ABP, provides the login functionality in backend for that we are using MVC. Can you help us to reduce the remember time to 1hour. After 1Hour if the user revisits the page then he/she will be asked to login again.

Thank you.
0

maliming created one year ago
Support Team Fullstack Developer

hi

After 1Hour if the user revisits the page then he/she will be asked to login again.

What's this UI?

Does the user revisit on MVC or angular page?
0

ed_developer2 created one year ago

User revisit on Login Screen to get authenticated again. And Login Page is mvc. And Can you tell us whether our login/logout is coming from Swagger API (backend) is it the right way or the login should be in the frontend only? Thanks
0

maliming created one year ago
Support Team Fullstack Developer

hi

Are you using angular for UI? Is your angular UI not logout after 5 minutes?

What's your abp version?
0

ed_developer2 created one year ago

hi, No, After 5mins i revisit the page but i was not asked to login. And my Abp version is 7.0.2. Thanks
0

ed_developer2 created one year ago

Hello can you please help me with this?

maliming created one year ago

Support Team Fullstack Developer

Please try this

PreConfigure<OpenIddictServerBuilder>(builder =>
{
    builder
        .SetAccessTokenLifetime(TimeSpan.FromSeconds(120))
        .SetIdentityTokenLifetime(TimeSpan.FromSeconds(365));
});

You can share an online website. I will test it

liming.ma@volosoft.com

0

maliming created one year ago
Support Team Fullstack Developer

hi

Some code(ConfigureApplicationCookie) of your project is not working. Please share your project code with me.

liming.ma@volosoft.com
0

maliming created one year ago
Support Team Fullstack Developer

hi

Hello, I don’t get the point for remember me, the functionality works like this if the user checks the remember me then he/she don’t need to authenticate for every time he/she revisits the page for default time it was set. And if he/she don’t check then, the user needs to authenticate again. This is what I am doing but its not happening. Any suggestions from your side. Thank you.

If you didn't select the remember me the login state is session if will be invalid after you close the browser.

https://www.cookiepro.com/knowledge/what-is-a-session-cookie/

Select the remember me the cookies will be valid in ExpireTimeSpan even if you close the browser.
0

ed_developer2 created one year ago

Hello, Thanks for the information.

But I have tested without checking the remember me, I have logged in and close the browser. Then again I reopen the browser and open the URL. Its coming as logged in.

Why this is happening. Thanks.
0

maliming created one year ago
Support Team Fullstack Developer

hi

I have logged in and close the browser.

Please check the cookies on the browser and make sure its session

You may need to end the browser process instead of close tabs.
0

ed_developer2 created one year ago

https://prnt.sc/0sl-3ktv93vZ I have checked its session, but everytime I open the browser, same value is coming, That's why I am getting logged in.

Any idea or any way to end this session everytime I close the tab or browser.

Thank you.
0

ed_developer3 created one year ago

Hi maliming

can you please share a sample application where Remember me functionality is working, An angular front end and .net core webapi backend sample with only login and remember me functionality will do. We will check how its working in the sample. Again reiterating our requirement 1 If user checks Remember me checkbox then he should not be asked for Login till he logs out. 2 he will be automatically logged in in case he hasn't logged out and closes browser tab. 3 We should be able to configure the time to remember the logged in user from any backend or frontend.

Thanks
0
maliming created one year ago
Support Team Fullstack Developer
The identity cookie's name is Identity.Application. If this cookie doesn't exist. Your login state will be invalid.

hi @ed_developer3

You have API and angular websites.

API use cookies and angular use access token.

You can control the cookies by ConfigureApplicationCookie.

Set remember me the cookies will be valid for 14 days by default. You can change the time by ConfigureApplicationCookie

UnSet remember me the cookies is session will be invalid after close the browser. The behavior is different in different browsers.

https://learn.microsoft.com/en-us/aspnet/core/security/authentication/identity-configuration?view=aspnetcore-7.0#cookie-settings

The access token lifetime control by

PreConfigure<OpenIddictServerBuilder>(builder => { builder .SetAccessTokenLifetime(TimeSpan.FromSeconds(120)) .SetIdentityTokenLifetime(TimeSpan.FromSeconds(365)); });

It will get a new access token after invalid. You can remove the offline_access scope from oAuthConfig to disable the refresh token feature.
0

ed_developer3 created one year ago

hi maliming

we were able to reduce the time for Remember me duration to what ever we configured but the problem is that its default behaviour and is like this no matter we check the checkbox for remember me on login page. Also when we close the browser within configured timeout user is still logged in but it should be logged out as its session cookie as stated by you.

Can you let us know why Remember checkbox is not working or do we have to manually do it if yes how.
0

maliming created one year ago
Support Team Fullstack Developer

hi

https://support.abp.io/QA/Questions/5231#answer-3a0bd55f-37b2-1f28-914f-7b52bbf16f87

If you publish your site with custom lifetime configuration, I will check it online.
0

maliming created one year ago
Support Team Fullstack Developer

The cookies are session. It is deleted after I quit the Chrome browser(end process). I opened the URL again the cookies disappeared.
0

maliming created one year ago
Support Team Fullstack Developer

Click the Remember me
0

ed_developer2 created one year ago

Hello, I have added all the custom configuration.

Can you check once what's the issue in remember me checkbox default behavior.

Thank you.
0

maliming created one year ago
Support Team Fullstack Developer

hi

Now the cookies are valid within 1 hour.
0

maliming created one year ago
Support Team Fullstack Developer

There should be no problem. The ConfigureApplicationCookie is working as expected.
0

ed_developer2 created one year ago

But why I am able to revisit the page if I have not selected the checkbox. I have tried everything, I have quit the chrome browser. still able to revisit.
0

maliming created one year ago
Support Team Fullstack Developer

https://us05web.zoom.us/j/86723786925?pwd=TlkrMXhOdjdoNVBwSG9KT3BFOWdFZz09
0

maliming created one year ago
Support Team Fullstack Developer

hi

The remember me used by cookies. The angular use access token, it will not delete by browser.

Showing 1 to 25 of 30 entries.

Previous
1 (current)
2
Next

Have an answer to this question? Log in and write your answer.