Greetings,
I'm having an issue with auto logout in Blazor Server-side, here is what I did:
I added the below after builder.Services.AddIdentity to Program.cs file:
builder.Services.ConfigureApplicationCookie(options =>
{
options.ExpireTimeSpan = TimeSpan.FromHours(1);
options.SlidingExpiration = true;
});
And the below before app.MapFallbackToPage
app.MapBlazorHub(option =>
{
option.CloseOnAuthenticationExpiration = true;
});
I have followed the instructions in this post as well but still the issue is the same, after the ExpireTimeSpan have passed, the user will still be logged in and can navigate through pages and perform actions on those pages, e.g. read from database, but once they refresh the page, i.e. press F5, they will be logged out.
For testing purpose, I have tried to reduce the options.ExpireTimeSpan = TimeSpan.FromSeconds(10), what I noticed is that after the ExpireTimeSpan has passed, the connection to the server will be disconnected showing "Attempting to reconnect to the server: 1 of 8", after a second the connection will be established again but the user will be on the same page and still can navigate and perform actions and will only be logged out if they refreshed the page.
I'd like to note that the same options have been tested with the default ASP.NET Core Identity and when the ExpireTimeSpan has passed the page will show "Attempting to reconnect" and then the user will be logged out and redirected to the Login page.
I found some posts online I believe for older frameworks (.NET Core 3 & 5) where the option CloseOnAuthenticationExpiration was not available, where they suggested to forcefully refresh the page to check the authentication cookie again, but since I use .NET 7 I believe those suggestions should not apply to me.
For my application keeping the user logged in for more than the intended time is a problem, so I would appreciate your support.
Regards,
Ghazi