This project has moved and is read-only. For the latest updates, please go here.

AuthenticationProperties.ExpireUtc property ignored in Owin CookieAuthentication?

Jun 26, 2014 at 6:08 PM
Edited Jun 26, 2014 at 6:18 PM

I have been doing some testing after converting my MVC 4 web application to MVC 5 and Owin authentication.
I have a facility where the user can select their login duration (session, 1 day, 10 days, etc) which worked well with Forms authentication, but which does not work at all with Owin CookieAuthentication.
I have tested with my app as well as the standard MVC 5 Application template in VS2013.

From what I can tell you can provide a global override using the CookieAuthenticationOptions.ExpireTimeSpan, which works, but the AuthenticationProperties.ExpireUtc property that can be supplied during AuthenticationManager.SignIn() is ignored.

I then reviewed the Microsoft.Owin.Security.Cookies source and found that global override in the CookieAuthenticationHandler.ApplyResponseGrantAsync() method:
  • the AuthenticationProperties are loaded into the CookieResponseSignInContext instance; but
  • context.Properties.ExpireUtc is then immediately overwritten to Options.ExpireTimeSpan.
I tested the above and found that when I change:
DateTimeOffset expiresUtc = issuedUtc.Add(Options.ExpireTimeSpan);
DateTimeOffset expiresUtc = signin.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan);
it allows for the on-request implementation of AuthenticationProperties.ExpireUtc.

Can you please comment on:
  • whether you are seeing the same behaviour; and
  • which behaviour is the desired one (favour global ExpireTimeSpan or per-request ExpireUtc)?
Jun 26, 2014 at 6:55 PM
Edited Jun 26, 2014 at 6:59 PM
Hey ;)

Which version are you using?
This bug has been fixed in April:
Jun 26, 2014 at 6:58 PM
I'm pretty sure I've already fixed this in v3. Take a look at the sources in the dev branch, and try the pre-release packages from here:
Jun 26, 2014 at 7:23 PM
Hi Tratcher and PinpointTownes,

Thanks for your speedy response.

I saw Issue / work item #115 from April and then grabbed 3.0.0-beta1 (e7538b488c13) on NuGet and the same source in error.
Apologies for the error and the effort...

I'll try those updated pre-release packages as you recommend, Thanks.