Users log out very quickly

I am using ASP.NET identity membership. This is the Startup.Auth.cs code:

    app.CreatePerOwinContext(EFDbContext.Create);
    app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
    app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

    // Enable the application to use a cookie to store information for the signed in user
    // and to use a cookie to temporarily store information about a user logging in with a third party login provider
    // Configure the sign in cookie
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        ExpireTimeSpan = TimeSpan.FromHours(3),
        CookieName = "MyLoginCookie",

        Provider = new CookieAuthenticationProvider
        {
            // Enables the application to validate the security stamp when the user logs in.
            // This is a security feature which is used when you change a password or add an external login to your account.
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, User>(
                validateInterval: TimeSpan.FromMinutes(30),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        }
    });

As you can see, I've set ExpireTimeSpan to 3 hours, but on the production server it doesn't work; it expires in about ten minutes. When I inspect elements, MyLoginCookie still exists. On localhost it works fine. Why does it have problems on the production server? Do I need to set CookieDomain?


Solution 1:

The reason users are logged out is an error in the validation of forms-authentication data and view-state data. It can happen for different reasons, including using a web farm in hosting services. You should check <machineKey> in your project's web.config. Check here for details about that. If you don't have <machineKey> in your web.config, try adding this piece of code after <system.web> in your web.config:

    <machineKey 
    validationKey="AutoGenerate,IsolateApps"
    decryptionKey="AutoGenerate,IsolateApps"
    validation="HMACSHA256"
    decryption="Auto"
    />

The other option is using a generated ASP.NET machine key inside web.config. There are some online tools; my recommended ones are this and this.
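
Added example (not part of the original answer): a Python check for the web-farm case mentioned above. It generates a <machineKey> with explicit keys locally and flags farm nodes whose web.config leaves the keys auto-generated or holds different keys, since a cookie protected on one node only validates on a node with the same keys. The server names, sample configs, helper names and key sizes (64-byte validation key, 32-byte decryption key) are assumptions.

```python
import secrets
import xml.etree.ElementTree as ET

def new_machine_key() -> str:
    """Build a <machineKey> with explicit keys from the OS CSPRNG.
    Assumed sizes: 64-byte HMACSHA256 validation key, 32-byte AES key."""
    return ('<machineKey validationKey="{}" decryptionKey="{}" '
            'validation="HMACSHA256" decryption="AES" />').format(
                secrets.token_hex(64).upper(), secrets.token_hex(32).upper())

def read_machine_key(web_config: str):
    """Return (validationKey, decryptionKey), or None if no <machineKey>."""
    node = ET.fromstring(web_config).find("./system.web/machineKey")
    if node is None:
        return None
    return (node.get("validationKey", "AutoGenerate"),
            node.get("decryptionKey", "AutoGenerate"))

def audit_farm(configs: dict) -> list:
    """Flag nodes with auto-generated keys or keys unlike the other nodes'."""
    findings, reference = [], None
    for server, text in configs.items():
        keys = read_machine_key(text)
        if keys is None or any(k.startswith("AutoGenerate") for k in keys):
            findings.append((server, "auto-generated key"))
        elif reference is None:
            reference = keys  # first node with explicit keys is the baseline
        elif keys != reference:
            findings.append((server, "keys differ from other nodes"))
    return findings

def wrap(element: str) -> str:
    """Embed an element in a minimal web.config (constructed sample)."""
    return "<configuration><system.web>{}</system.web></configuration>".format(element)

# Constructed sample farm; server names are hypothetical.
SHARED = new_machine_key()
SAMPLE_FARM = {
    "web01": wrap(SHARED),
    "web02": wrap(SHARED),
    "web03": wrap('<machineKey validationKey="AutoGenerate,IsolateApps" '
                  'decryptionKey="AutoGenerate,IsolateApps" '
                  'validation="HMACSHA256" decryption="Auto" />'),
    "web04": wrap(new_machine_key()),  # explicit, but not the shared keys
    "web05": wrap(""),                 # no <machineKey>: defaults to auto-generated
}

if __name__ == "__main__":
    for server, problem in audit_farm(SAMPLE_FARM):
        print(server, problem)
```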