Sunday, January 28, 2018

[.NET Core 2.0] Issues with Cookie Auth

I am having problems with my authentication cookies apparently getting removed before their expiration date. I have a .NET Core 2.0 website which is a mix of MVC controllers and API controllers. As long as you're navigating around, the cookie appears to operate as expected. But if I only make calls to API controllers, after about 30 minutes the cookie will get removed, forcing me to re-authenticate. I'm sure I'm missing something simple in my configuration, but I can't any clues in the official docs as to what I'm doing wrong. I'm using this set of pages for reference, specifically Intro to Identity, Configure Identity and Using Cookies Without Identity.

Chrome Network Log Headers for login:

HTTP/1.1 302 Found Cache-Control: no-cache Pragma: no-cache Expires: -1 Location: /Example/Play Server: Kestrel Set-Cookie: .AspNetCore.Identity.Application=<value omitted for security & brevity>; expires=Sat, 10 Feb 2018 21:28:39 GMT; path=/Example; samesite=lax; httponly Set-Cookie: .AspNetCore.Mvc.CookieTempDataProvider=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/Example; samesite=strict X-Powered-By: ASP.NET Date: Sat, 27 Jan 2018 21:28:39 GMT Content-Length: 0 

After about 30 minutes, one of the API calls will return the following headers:

HTTP/1.1 302 Found Cache-Control: no-cache Pragma: no-cache Expires: -1 Location: http://0.0.0.0/Example/Account/Login?ReturnUrl=%2FExample%2Fapi%2FStream Server: Kestrel Set-Cookie: .AspNetCore.Identity.Application=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/Example; samesite=lax Set-Cookie: Identity.External=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/Example; samesite=lax Set-Cookie: Identity.TwoFactorUserId=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/Example; samesite=lax X-Powered-By: ASP.NET Date: Sat, 27 Jan 2018 21:59:47 GMT Content-Length: 0 
[.NET Core 2.0] Issues with Cookie Auth Click here
  • Blogger Comment
  • Facebook Comment

0 comments:

Post a Comment

The webdev Team