How IsPersistent works in OWIN Cookie authentication

cuongle picture cuongle · Aug 11, 2015 · Viewed 24.3k times · Source

It seems I don't understand clearly how IsPersistent in OWIN cookie authentication works, the code below is to use IsPersistent:

var context = Request.GetOwinContext();
var authManager = context.Authentication;
var properties = new AuthenticationProperties { IsPersistent = isPersistence };

authManager.SignIn(properties, identity);

I don't see the difference when user checks/unchecks Remember me (uses IsPersistent behind) because if I close Chrome browser and open it again to go with the website, the cookie .AspNet.ApplicationCookie is still there and it lets me in even I check or uncheck Remember me.

I have checked the definition of IsPersistent on the link:

Gets or sets whether the authentication session is persisted across multiple requests.

But don't get much understanding since I see it still works.

The code to setup OWIN cookie authentication:

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationMode = AuthenticationMode.Active,
    AuthenticationType = ApplicationTypes.ApplicationCookie,
    ExpireTimeSpan = TimeSpan.FromMinutes(30),
    LoginPath = new PathString("/Account/LogOn")
});

Answer

Hezye picture Hezye · Aug 17, 2015

Persistent cookies will be saved as files in the browser folders until they either expire or manually deleted. This will cause the cookie to persist even if you close the browser.

If IsPersistent is set to false, the browser will acquire session cookie which gets cleared when the browser is closed.

Now the reason session cookie wont clear after restarting the browser is because of chrome default settings. To fix it go to chrome settings -> advanced, and uncheck Continue running background apps when Google Chrome is closed under System section.