ABP Framework version: v4.1.2 UI type: Angular DB provider: EF Core
We open a new tab and login to the app, then we close that tab. Wait 35 minutes (token lifetime is 30 minutes) then reopen the tab that we just closed, we can still access to the app. Or I left session open overnight, and the next morning I was still able to continue working on it. How can automatically logout after a while of not using the app?
I tried to change the token lifetime before.
Hi, this is the case that I have encountered: I login to the browser and kept it open while the computer was put to sleep mode and I could still access without logging in the day after. I have set AbsoluteRefreshTokenLifetime=1800 (30 minutes), Is there a way to force logout in that case?
Hi maliming
Yes, it still happen if the computer was not sleeping. I have a feeling I'll never be logged out if I still open browser. If I close browser and waiting for timeout then reopen the browser, I get the login page. I had set AccessTokenLifetime and AbsoluteRefreshTokenLifetime to 1 minute. I see the refresh token api in the network, one of them fails with invalid_grant (so can not get new token), then a few second some api get error, then I refresh the page (press f5) and I can still access to the system without logout.
I also tried setting expire time for cookies, but it not work .AddCookie("Cookies", options => { options.ExpireTimeSpan = TimeSpan.FromMinutes(1); options.SlidingExpiration = true; });
Thanks Mehmet I will upgrade my solution, will let you know the result later.
Hi @Mehmet, Do you have any updates for this, or is there a new version that has addressed this?