I'm having difficulty getting a MVC web application to sign out when the user remains idle too long. The desired outcome is that if the user is idle for X amount of time, they will be automatically signed out and forced to log in again. I'm using ASP .NET Core 2, and Identity to manage users.
I've researched this the best that I can, and decided to just create a new app to simplify things. I created a brand new MVC project and use Individual User Accounts for the authentication. I've tried several things, but from the documentation it seems like I should just have to set the ApplicationCookie like this and set it to expire. Are there other changes required to get the desired outcome of logging out the user automatically? I'm assuming I'm missing something obvious...
services.ConfigureApplicationCookie(options =>
{
options.Cookie.HttpOnly = true;
options.Cookie.Expiration = TimeSpan.FromSeconds(60);
options.LoginPath = "/Account/Login";
options.LogoutPath = "/Account/Logout";
options.AccessDeniedPath = "/Account/AccessDenied";
options.SlidingExpiration = true;
});Thank you.