AuthFeature.SessionExpiry not honorated

I’ve got a ASP.NET MVC application which uses a custom provider that inherits from CredentialsAuthProvider.

My problem is that the sessionExpiry is not honorated (I mean if I refresh the page even if the expiryperiod is elaped I got the user still authenticated)

Here’s how I register the plugin feature

var authFeature =
            new AuthFeature(
                () => new IFMSAuthUserSession(),
                new[] { authProvider },
                htmlRedirect: appSettings.Get(Resources.NotLoggedUrlkey, "~/login")
authFeature.SessionExpiry = TimeSpan.FromSeconds(10);

What am I doing wrong?

I use the Servicestack 4.5.6

Maybe there’s another SaveSession() being called that’s overriding the session. You can force the same expiry for all SaveSessions by overriding your AppHost’s OnSaveSession(), e.g:

public override void OnSaveSession(IRequest httpReq, IAuthSession session, TimeSpan? expiresIn = null)
    return base.OnSaveSession(httpReq, session, TimeSpan.FromSeconds(10));