Cookie Authentication expiring too soon in ASP.NET Core

I know that is too late for answering this question, but for whom facing this. The IIS reset pool every 20 minutes and every 20 mins ASP.NET generate new key for protect cookie values (Authentication and Session). to prevent this, add following code to ConfigureServices in Startup class

services.AddDataProtection()
                .PersistKeysToFileSystem(new System.IO.DirectoryInfo("SOME WHERE IN STORAGE"))
                //.ProtectKeysWithCertificate(new X509Certificate2());
                .SetDefaultKeyLifetime(TimeSpan.FromDays(90));

A complete guide is here. It is all about DataProtection

users are being prompted to log back in after being idle for an hour or less, and loosing work.

I have similar configuration, but it works fine for me.

One thing I can think of is you cannot let web server idle for 20 minutes. IIS's app pool default idle time-out is 20 minutes (I could not say for other Linux web server).

So you could either set longer app pool time-out (0 for infinity), or ping every 5 minutes from external service like Monitis.

enter image description here

Cookie Authentication expiring too soon in ASP.NET Core

Tags:

C#

Authentication

Asp.Net Core Mvc

Related

Recent Posts