public void AddPermanentCookie(string cookieName, string cookieValue, bool? secureOnly = null)
{
var cookie = new Cookie(cookieName, cookieValue, RootPath) {
Expires = DateTime.UtcNow.AddYears(20)
};
if (secureOnly != null)
{
cookie.Secure = secureOnly.Value;
}
httpRes.SetCookie(cookie);
}
Please use the SessionFeature with a TimeSpan for the Expires. 20 years is a long time, and moreover, we cannot override it. PermanentSessionExpiry is already defined, but not used.
The 20 years means this permanent Cookie lasts forever, i.e. It’s Permanent. No one is expecting to wait 20 years for permanent cookies to expire, it lasts until they logout or clear their Cookies. In all likelihood they’re not going use the same device for 20 years, they’ll be lucky if the same website will be around in 20 years.
You likely don’t want to use a Permanent Cookie if you’re concerned about its expiry.