This project has moved and is read-only. For the latest updates, please go here.

Can you configure OWIN Cookie Authentication to prevent certain URLs from affecting sliding expiration?

Apr 1, 2015 at 9:39 PM
Edited Apr 1, 2015 at 9:42 PM
We have an ASP.NET MVC 5 app using Cookie Authentication with a sliding expiration. On the client, we have a script that polls a web service every minute for notifications. We would like to prevent that web service call from causing the auth token expiration to slide forward. Is there any built-in way to do that?

I also was considering implementing my own custom sliding expiration method in an OnValidateIdentity handler, but setting ExpiresUtc in that method doesn't appear to actually affect the token's expiration date. Am I missing something?
app.UseCookieAuthentication(new CookieAuthenticationOptions
    Provider = new CookieAuthenticationProvider
        OnValidateIdentity = cookieValidateIdentityContext =>
            cookieValidateIdentityContext.Properties.ExpiresUtc = DateTime.UtcNow.AddMinutes(-1);
            return Task.FromResult(0);

    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    AuthenticationMode = AuthenticationMode.Active,
    LoginPath = new PathString("/"),
    SlidingExpiration = false,
    LogoutPath = new PathString("/Sessions/Logout")
Jun 24, 2015 at 12:54 PM
Edited Jun 24, 2015 at 12:57 PM