ASP.Net Identity not persisting cookie MVC6 vNext

I’m working on a MVC6 ASP.Net5 project, and am having trouble with .Net Identity persisting my authentication cookie on login.

I am using a custom user store, this is an existing DB with existing stored procedures etc…

My SignIn method is an extension on my User object, and follows.

public static async Task SignIn(this UserModel Model, UserManager<UserModel> UserManager, SignInManager<UserModel> SignInManager, bool RemeberMe = true)
        var Claims = new List<Claim>();
        Claims.Add(new Claim("UserID", Model.UserID.ToString()));
        Claims.Add(new Claim("Username", Model.Username));

        await UserManager.AddClaimsAsync(Model, Claims);

        await SignInManager.SignInAsync(Model, new AuthenticationProperties { IsPersistent = RemeberMe, AllowRefresh = true });

This works, and a cookie is added with an expiration date in the future.
enter image description here

The issue I am having is that even though the Identity cookie is set for long in the future, after 20ish minutes of inactivity, I am forced to re-login. This makes me think something is timing out, but I’m very new to Identity, and am not sure what I’m doing wrong (or really even where to start).

: this is my custom GetSecurityStampAsync in the custom user store. I know this isn’t secure or even really doing anything currently, but I’m just trying to figure out what the problem is right now. I plan on refactoring it later once it’s working.

public Task<string> GetSecurityStampAsync(UserModel user, CancellationToken cancellationToken)
        return Task.FromResult(user.UserID.ToString() + user.Username);

Here is Solutions:

We have many solutions to this problem, But we recommend you to use the first solution because it is tested & true solution that will 100% work for you.

Solution 1

Make sure that you’ve set your timeouts according to your requirement[s]. There are two timeout configurations (ExpireTimespan and ValidateInterval) in Identity 2.1 that can affect how long a user can stay logged in. You can configure them using:

app.UseCookieAuthentication(new CookieAuthenticationOptions
   Provider = new CookieAuthenticationProvider
        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
            validateInterval: TimeSpan.FromMinutes(15)
    ExpireTimeSpan = TimeSpan.FromMinutes(30)

That is explained more in this article – a little dated but should still apply for the most recent version of ASP.NET Core that has been released at this time of writing (rc1).

If you’re using session, it could also be that you’re session is just timing out or is cleared.

By default you get a in-memory cache. As soon as the process is restarted, you will lose your session objects. You need to use a persistent storage for your session objects.

If you’re using SQL Server, here’s a good article to get you started.

Note: Use and implement solution 1 because this method fully tested our system.
Thank you 🙂

All methods was sourced from or, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply