There is an unsaved comment in progress. You will lose your changes if you continue. Are you sure you want to reopen the work item?
Allow ExpireUtc from ResponseSignIn to override middleware level expires setting
Some websites may allow user to choose how long to keep his session. We should allow user to pass ExpireUtc property during sign in to override the middleware level expire setting, so they can control the session time.
The bug applies on both cookie middleware and OAuth server middleware.