AuthFeature.SessionExpiry not honorated

ifinformatica · March 14, 2017, 3:51pm

Hello,
I’ve got a ASP.NET MVC application which uses a custom provider that inherits from CredentialsAuthProvider.

My problem is that the sessionExpiry is not honorated (I mean if I refresh the page even if the expiryperiod is elaped I got the user still authenticated)

Here’s how I register the plugin feature

var authFeature =
            new AuthFeature(
                () => new IFMSAuthUserSession(),
                new[] { authProvider },
                htmlRedirect: appSettings.Get(Resources.NotLoggedUrlkey, "~/login")
            );
authFeature.SessionExpiry = TimeSpan.FromSeconds(10);
        Plugins.Add(authFeature);

What am I doing wrong?
Thanks

I use the Servicestack 4.5.6

mythz · March 14, 2017, 6:03pm

Maybe there’s another SaveSession() being called that’s overriding the session. You can force the same expiry for all SaveSessions by overriding your AppHost’s OnSaveSession(), e.g:

public override void OnSaveSession(IRequest httpReq, IAuthSession session, TimeSpan? expiresIn = null)
{
    return base.OnSaveSession(httpReq, session, TimeSpan.FromSeconds(10));
}