Different values for ASP.NET Core auth cookie's ExpireTimeSpan and Cookie.MaxAge


ASP.NET Core's cookie middleware can be configured like so:

builder.Services.ConfigureApplicationCookie(x => {
  x.SlidingExpiration = true;                           // the default
  x.ExpireTimeSpan    = ...
  x.Cookie.MaxAge     = ...
});

  • ExpireTimeSpan sets the lifespan of the actual authentication "ticket" enclosed in the cookie; after that time, the middleware will reject that auth ticket
  • Cookie.MaxAge sets the lifespan of the cookie itself; after that time the browser should delete the cookie

A scenario: one could configure it such that if the user logs in weekly, the auth ticket would be kept alive for a year (due to sliding expiration); at that point, the cookie itself would reach its max age and would be deleted by the browser.

Is that the intended use case? Are there other use cases where their values should differ?

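Cookie.MaxAge is a limit the browser applies, so the one-year cap in the scenario above holds only if the client honours it. One way to enforce the same cap inside the middleware as well, as an added example that is not code from the question; the item name `first_issued_utc`, the 7-day and 365-day values, and the bare `AddCookie` registration (standing in for a full Identity setup) are assumptions:

```csharp
using System.Globalization;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Identity;

const string FirstIssuedKey = "first_issued_utc";   // hypothetical item name
var absoluteLifetime = TimeSpan.FromDays(365);       // assumed cap, from the scenario

var builder = WebApplication.CreateBuilder(args);

// Registers the cookie scheme that ConfigureApplicationCookie targets.
// An app using ASP.NET Core Identity gets this from AddIdentity/AddDefaultIdentity
// instead, which must run before the ConfigureApplicationCookie call below.
builder.Services.AddAuthentication(IdentityConstants.ApplicationScheme)
    .AddCookie(IdentityConstants.ApplicationScheme);

builder.Services.ConfigureApplicationCookie(x =>
{
    x.SlidingExpiration = true;
    x.ExpireTimeSpan    = TimeSpan.FromDays(7);   // ticket lifetime, checked by the middleware
    x.Cookie.MaxAge     = absoluteLifetime;       // cookie lifetime, applied by the browser

    // Stamp the ticket once at sign-in; sliding renewals copy the Items along.
    x.Events.OnSigningIn = ctx =>
    {
        ctx.Properties.SetString(FirstIssuedKey, DateTimeOffset.UtcNow.ToString("O"));
        return Task.CompletedTask;
    };

    // Keep whatever validator is already registered (Identity's security-stamp check).
    var previous = x.Events.OnValidatePrincipal;
    // On every request, reject tickets older than the cap or missing the stamp.
    x.Events.OnValidatePrincipal = async ctx =>
    {
        await previous(ctx);
        if (ctx.Principal is null) return;        // already rejected upstream
        var raw = ctx.Properties.GetString(FirstIssuedKey);
        var valid = DateTimeOffset.TryParse(raw, null, DateTimeStyles.RoundtripKind, out var first)
                    && DateTimeOffset.UtcNow - first <= absoluteLifetime;
        if (!valid)
        {
            ctx.RejectPrincipal();
            await ctx.HttpContext.SignOutAsync(IdentityConstants.ApplicationScheme);
        }
    };
});

var app = builder.Build();
app.UseAuthentication();
app.Run();
```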