I’m currently hosting my ASP.NET Core application using Plesk, but I’m encountering an issue where the session times out after 20 minutes of inactivity, redirecting users to the login page. I would like to extend the session timeout so that users can remain logged in for a longer period.
I have already added the following code to my Program.cs
file, but it hasn’t resolved the issue:
builder.Services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie(options =>
{
options.LoginPath = "/Account/Login";
options.LogoutPath = "/Account/logout";
options.ExpireTimeSpan = TimeSpan.FromDays(365);
options.Cookie.MaxAge = options.ExpireTimeSpan;
options.SlidingExpiration = true;
options.Cookie.IsEssential = true;
options.Cookie.HttpOnly = true;
options.Events.OnSigningIn = (context) =>
{
context.CookieOptions.Expires = DateTimeOffset.UtcNow.AddDays(365);
context.CookieOptions.MaxAge = options.ExpireTimeSpan;
context.Properties.AllowRefresh = true;
context.Properties.IsPersistent = true;
return Task.CompletedTask;
};
});
builder.Services.ConfigureApplicationCookie(options =>
{
options.ExpireTimeSpan = TimeSpan.FromDays(365);
options.SlidingExpiration = true;
options.Cookie.IsEssential = true;
options.Cookie.HttpOnly = true;
options.Events.OnSigningIn = ctx =>
{
var issued = ctx.Properties.IssuedUtc ?? DateTimeOffset.UtcNow;
ctx.Properties.ExpiresUtc = issued.AddDays(365);
ctx.Properties.AllowRefresh = true;
ctx.CookieOptions.Expires = DateTimeOffset.UtcNow.AddDays(365);
ctx.CookieOptions.MaxAge = options.ExpireTimeSpan;
ctx.Properties.IsPersistent = true;
return Task.FromResult(0);
};
options.Events.OnSigningIn = (context) =>
{
context.CookieOptions.Expires = DateTimeOffset.UtcNow.AddDays(365);
context.CookieOptions.MaxAge = options.ExpireTimeSpan;
context.Properties.AllowRefresh=true;
context.Properties.IsPersistent=true;
return Task.CompletedTask;
};
});
What additional steps should I take to ensure the session timeout is extended? Are there specific configurations in Plesk or IIS that I need to adjust?
Thank you for your assistance!