Hi, I would like to know if there's a way to redirect user to the login page after 30 minutes of inactivity. Below is the configuration suggested from older topics that I've implemented for HostModule:
.AddCookie("Cookies", options =>
{
options.ExpireTimeSpan = TimeSpan.FromSeconds(1800);
options.SlidingExpiration = true;
});
context.Services.ConfigureApplicationCookie(options =>
{
options.Cookie.SameSite = SameSiteMode.Unspecified;
});
And IdentityServerDataSeedContributor:
ClientName = name,
ProtocolType = "oidc",
Description = name,
AlwaysIncludeUserClaimsInIdToken = true,
AllowOfflineAccess = true,
AbsoluteRefreshTokenLifetime = 1800, //30 minutes
AccessTokenLifetime = 1800, //30 minutes
SlidingRefreshTokenLifetime = 300,
AuthorizationCodeLifetime = 300,
IdentityTokenLifetime = 300,
RequireConsent = false,
FrontChannelLogoutUri = frontChannelLogoutUri,
RequireClientSecret = requireClientSecret,
RequirePkce = requirePkce
The above configuration didn't make the site logout, even if I closed the browser or left it inactive.
When I add the code as below, the site does log-out after the token expired, but it doesn't solve the problem as while user is browsing, it still redirects to the login page no matter what.
context.Services.ConfigureApplicationCookie(options =>
{
options.Cookie.SameSite = SameSiteMode.Unspecified;
options.ExpireTimeSpan = TimeSpan.FromSeconds(1800);
options.SlidingExpiration = true;
});
context.Services.Configure<SecurityStampValidatorOptions>(options => options.ValidationInterval = TimeSpan.FromSeconds(1800));
Could you take a look at it?