I’m facing a strange problem. I’m using SS authentication without changing the default sessionexpiry timeout and suddenly I got 401 unauthorized exception. I’m waiting from my customer all my log files in order to understand when the session was started, but I suppose more than 15 days ago.
I got the files. As expected, session was started more or less 15days ago and suddenly, without any kind of warning, I always received unauthorized exceptions.
this is my apphost implementation
Plugins.Add(new AuthFeature(() => new CustomAuthUserSession(),
where both PinAuthProvider and UserNameAuthProvider derive from CredentialsAuthProvider.
Am I right if I think that leaving all parameters to default values means an “infinite” session? Is it better to create a sliding session?
November 4, 2019, 6:21pm
No it’s not infinite. You can force the same expiry for all SaveSessions by overriding your AppHost’s
public override void OnSaveSession(IRequest httpReq, IAuthSession session, TimeSpan? expiresIn = null)
return base.OnSaveSession(httpReq, session, TimeSpan.FromDays(7 * 2));
Just for the future: how long will be the session leaving all parameters to default?
Overriding the OnSaveSession method in my apphost has the same effect of using a GlobalRepostFilter like this? (source:
GlobalResponseFilters.Add((req, res, dto) =>
var session = req.GetSession();
if (session != null)
Is it better to apply a specific sessiontimeout than leave it null?
November 5, 2019, 8:13am
OnSaveSession is the best way to control how long sessions are saved for, if
SaveSession() is called elsewhere it will override any previous save sessions.
Here are the defaults for