SignInWithoutSpecifyingTenant - Issue with Persistent User Sessions After Removing Tenant Selector

[martingagne]

I have implemented the approach to remove the tenant selector as shown in the sample at SignInWithoutSpecifyingTenant. While the code works as expected and the tenant selector is successfully removed, I am encountering an issue with user sessions. Users are not staying logged in for an extended period, typically being logged out after 20-30 minutes of activity. This requires frequent re-logins, approximately a couple of times per hour.

Steps to Reproduce

• Followed the implementation as per the SignInWithoutSpecifyingTenant sample.
• Successfully removed the tenant selector.
• Logged into the application.
• After 20-30 minutes of usage, the session expires, and the user is logged out.

Environment

• ABP Framework version: 7.4.0
• User's browser and version: Firefox 121.0.1
• Server environment (e.g., Windows/Linux, .NET Core version): Windows 11

How do I control the duration of the session? Ideally I would like the session to last at least a day. @maliming, is this something you can help me with?

[realLiangshiwei]

See: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/identity-configuration?view=aspnetcore-7.0#cookie-settings

options.ExpireTimeSpan = TimeSpan.FromMinutes(60);

[martingagne]

Thank you @realLiangshiwei. I tried this and I am still having the same issue. I added the ExpireTimeSpan in the ConfigureServices of the WebModule, is this the right location?

    public override void ConfigureServices(ServiceConfigurationContext context)
    {
        var hostingEnvironment = context.Services.GetHostingEnvironment();
        var configuration = context.Services.GetConfiguration();

        PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
        {
            if (hostingEnvironment.IsProduction())
            {
                // https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html
                options.AddDevelopmentEncryptionAndSigningCertificate = false;
            }
        });

        PreConfigure<OpenIddictServerBuilder>(options =>
        {
            if (hostingEnvironment.IsProduction())
            {
                options.AddEncryptionCertificate(LoadCertificate("..."));
                options.AddSigningCertificate(LoadCertificate("..."));
            }
        });

        Configure<AbpAspNetCoreMultiTenancyOptions>(options =>
        {
            options.MultiTenancyMiddlewareErrorPageBuilder = async (context, exception) =>
            {
                // Handle the exception.
                Debugger.Break();

                // Return true to stop the pipeline, false to continue.
                return true;
            };
        });

        Configure<AbpTenantResolveOptions>(options =>
        {
            options.TenantResolvers.Clear();
            options.TenantResolvers.Add(new CurrentUserTenantResolveContributor());
        });

        // HttpClient
        context.Services.AddHttpClient();

        ConfigureAuthentication(context);
        ConfigureUrls(configuration);
        ConfigureBundles();
        ConfigureAutoMapper();
        ConfigureVirtualFileSystem(hostingEnvironment);
        ConfigureNavigationServices(context.Services);
        ConfigureAutoApiControllers();
        ConfigureSwaggerServices(context.Services);

        // Cookie Expiration. This impact login/logout.
        context.Services.ConfigureApplicationCookie(options =>
        {
            options.ExpireTimeSpan = TimeSpan.FromHours(48);
        });
    }

[realLiangshiwei]

It works for me