

Enable both sliding and absolute expiration for cookie authentication


The current Microsoft.Owin.Security.Cookies middleware lets you select from either sliding or absolute expiration. It would be nice to allow for both - a short sliding expiration to handle timing out inactive users, but also an absolute expiration to handle maximum allowed session length before requiring re-authentication.

The only way to handle this currently is outlined in this blog article - modifying the cookie authentication provider to add custom data for the absolute expiration and having it enforced there.

It would be nice to have first-class support for this rather than having to hack it in every time.
Closed Mar 2, 2017 at 10:43 PM by mgirgin


Tratcher wrote Oct 29, 2015 at 4:32 PM

FYI: Development of this component has moved to

tillig wrote Oct 29, 2015 at 5:27 PM

tillig wrote Oct 29, 2015 at 5:30 PM

You may want to update the "project site" for the Microsoft.Owin.Security.Cookies package to point to the GitHub repo. It's hard to tell that dev has moved.