I have a .net core project using Microsoft.AspNetCore.Authentication (2.2.0) configured to use CookieAuthentication. Cookies are configured to be persistent and expire after seven days. The problem is that all logged-in users are logged out whenever the application pool is recycled.
I am not using sessions at all. I have verified that the cookie is still present in the web browser, it seems like the existing cookies are determined to be invalid by the server. How can I change this behavior?
This is the current configuration:
services
.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(
CookieAuthenticationDefaults.AuthenticationScheme,
options =>
{
options.AccessDeniedPath = "/";
options.LoginPath = "/";
options.LogoutPath = "/Authentication/Logout";
options.Events.OnRedirectToLogin = context =>
{
context.Response.Redirect("/?returnUrl=" + context.Request.GetEncodedPathAndQuery());
return Task.CompletedTask;
});