Question about configuring authentication cookies lifetime (and other settings) #1496

Open
mobinseven opened this issue Nov 29, 2024 · 0 comments

mobinseven commented Nov 29, 2024

Which version of Duende IdentityServer are you using?

7.0.8

Which version of .NET are you using?

8.0

Describe the issue

I have two hosts running on two different domains. One host authenticates users for the other external one. The authentication process works perfectly.

What I need to be done next is to increase the lifetime of the issued cookie for the external host. I have already customized the authentication host cookie lifetime (MaxAge) using ConfigureApplicationCookie. On every new session, the external host always redirects the user to get authenticated. Because the user is already logged in to the main authentication domain (the user already has an identity cookie), the user gets instantly redirected to the external domain authenticated, until the session is ended.

What has been tried?

AddIdentityServer cookie settings

  1. Configure one host to authenticate users for the other using Duende.IdentityServer 7.0.8.
  2. Customize the authentication cookie settings using AddIdentityServer and set options.Authentication.CookieLifetime.
  3. Authenticate a user and check the cookie settings in the browser.

Result
This breaks authentication in the main host without even solving the problem. The authentication cookie gets cleared instantly after logging into the main host.

ConfigureExternalCookie cookie settings

  1. Same as previous, but this time using options.ExpireTimeSpan of ConfigureExternalCookie.
  2. Authenticate a user and check the cookie settings in the browser.

Result
No change in behaviour.

Expected behavior

The customized authentication cookie settings, such as CookieLifetime, should be applied to the cookie issued to the user's browser in the external host.
