Login Security

How can I require login everytime someone access my application. Current login setup keeps the user logged in even if they close the browser window. This is sometimes causing an issue with loading when a new windows is opened. I would like to make sure that a login is required no matter whether they just closed the browser or logged our correctly.

We are using the following code to perform the login:

signInManager.PasswordSignInAsync(userName, password, false, false);

The argument (false) for the third parameter explicitly tells ASP.NET Identity not to persist the login cookie. This is also what we observe - after closing the browser the application redirects to the login page. In short we are not sure how or why the login could be persisted after closing the browser - this isn't the behavior that we observe in our tests.

1 Like

Thank you for the quick response. I am not sure either. It is also happening during development on my local machine. I will continue to investigate.

1 Like

I have rebuilt just the login and security portion of my application to test if I had some piece of code that is changing the persistance of the login and I found what may be the issue. I ran the application multiple times and was sent to login page every time. Then I closed the browser completely and opened it again to a different web application (tried a few different ones) then opened my Radzen application in a second tab. When I close the tab that the Radzen application is on, the login persists and I can't login again without logging out. I am not sure if this is a code issue or a browser issue, but wanted to let you know what I have found so far.

So it seems that if the browser does not completely close, the login persists and I have to close the browser completely to reset it.