How to keep user login in to system and logout only after user clicks on logout button?

Question

I am using custom implementation of microsoft asp.net identity because i have custom tables that is why i have given custom implementation of all my methods IUserStore a

Answer 1

I had the same problem and I was really confused because without any reason user was redirected to login page means that he wasn't authorized. I had changed the timeout to more than 8 hours but nothing was changed. After reading many pages such as Aspnet unexpected logout or frequent-unexpected-user-logoff I found that something is wrong with the machine key and after checking machine key in web.config file I could detect the problem with machine key. By changing the machine key and make it the same with others in Owin section everything is working well.

Answer 2

Examine the settings of the forms element within the authentication element of your web.config file.

Note the default values for the two applicable settings.

1. timeout (default is 30 minutes)
2. slidingExpiration (True or False / default varines with .NET Framework version)

For your situation, you will probably want a timeout duration much higher than 30 minutes and a slidingExpiration value of True.