SlidingExpiration and Extend

2020-03-26 c#

I have this piece of code within Startup.Auth.cs.

app.UseCookieAuthentication(new CookieAuthenticationOptions
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Home"),
    Provider = new CookieAuthenticationProvider
        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                validateInterval: TimeSpan.FromMinutes(30),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
    SlidingExpiration = true,
    ExpireTimeSpan = TimeSpan.FromMinutes(30)

I'm aware that the cookie lasts 30 minutes, and extends another 30 minutes if a request is more than halfway through the expiration window.

I have a popup timer that popups after 25 minutes of inactivity, via jQuery, with the option to click and Extend your login/cookie.

My issue is that if I browse the website for 2/3 minutes, then I'm inactive for 25 minutes and click on my Extend cookie/login button, it doesn't work extend the login.

More testing...

I opened a new browser and logged on at 21:24 and then clicked around some pages and stopped at 21:29. Extended with 3 mins left and was logged out. So the session was based on the 21:24 time (expired at 21:54) but the timer was using the 21:29 time expires at 21:59, I extended at 21:56.

public async Task<JsonResult> ExtendLogin()
    var user = await UserManager.FindByIdAsync(User.Identity.GetUserId());

    await SignInAsync(user, false);

    return Json(true, JsonRequestBehavior.AllowGet);

What am I missing, please?

Thank you