I’m using ASP.NET 4.8 with the package Okta.AspNet and my login/logout process works fine, however I noticed the cookies are created with “Session” expirations, they will be valid until the browser is open.
Is there anyway to make my cookies invalid after few minutes of inactivity? I’ve tried to set it on CookieAuthenticationOptions but it does not help.
var opts = new CookieAuthenticationOptions()
{
SlidingExpiration = true,
ExpireTimeSpan = TimeSpan.FromMinutes(2),
CookieManager = new SystemWebCookieManager()
};
app.UseCookieAuthentication(opts);
app.UseOktaMvc(new OktaMvcOptions()
{
OktaDomain = keys.OktaDomain,
ClientId = keys.ClientId,
ClientSecret = keys.ClientSecret,
AuthorizationServerId = keys.AuthorizationServerId,
RedirectUri = keys.RedirectUri,
PostLogoutRedirectUri = keys.PostLogoutRedirectUri,
GetClaimsFromUserInfoEndpoint = true,
Scope = new List<string> { "openid", "profile", "email" },
});