I am having trouble with the Two Factor Remember Browser Cookie. I downloaded the tutorial available here :
, but even when I select "Remember Browser" at the verify code page, the cookie is set to expire at the end of the browser session. The only
way to get the cookie to NOT expire on browser close is to set both the login and phone code remember options to true. Furthermore, when I do select both remember options, the cookies are set to expire in 2 weeks (the default for ExpireTimeSpan in CookieAuthenticationOptions
defined in Startup.Auth.cs), even though I have set ExpireTimeSpan to 30 days.
Just to be sure, I also created a brand new Visual Studio 2013 MVC 5 Project with individual accounts and updated all of my packages through the Nuget Package Manager. According to Nuget, I have the following packages and versions:
- Micorsoft.Asp.Net.Identity.Core v 2.2.1
- Micorsoft.Asp.Net.Identity.EntityFramework v 2.2.1
- Micorsoft.Asp.Net.Identity.Owin v 2.2.1
- Microsoft.Owin.Host.SystemWeb v 3.01
- Microsoft.Owin.Security.Cookies v 3.0.1
- Microsoft.Owin.Security. v 3.0.1
- Microsoft.Owin. v 3.0.1
- OWIN v 1.0
Selecting only the "Remember Browser" check box still sets the Two Factor Remember Browser Cookie to expire at the end of the browser session.
It would be useful if the Remember Browser was set correctly without having to also select Remember Me in the login page. Also, if I do
to select both remember options, it would be nice if the cookie expiration dates for each were independent of each other. For example, I would set it so that the username and login expires sooner than the phone code, but I understand that is probably
a matter of personal preference.
P.S. Stackoverflow questions: