From 71ec09486d9b1e691a9bf7948beb62d633a5eaee Mon Sep 17 00:00:00 2001 From: Shannon Date: Thu, 19 Nov 2015 14:17:06 +0100 Subject: [PATCH] Reverts the 'fix' from U4-7118 since it is incorrect. Updates the sliding expiration of the cookie/ticket when the user is supposed to be always logged in to 30 minutes in case the timeout is actually set very low in config. --- .../Security/Identity/GetUserSecondsMiddleWare.cs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Umbraco.Web/Security/Identity/GetUserSecondsMiddleWare.cs b/src/Umbraco.Web/Security/Identity/GetUserSecondsMiddleWare.cs index f9b9fc0ca6..85cab39120 100644 --- a/src/Umbraco.Web/Security/Identity/GetUserSecondsMiddleWare.cs +++ b/src/Umbraco.Web/Security/Identity/GetUserSecondsMiddleWare.cs @@ -76,15 +76,15 @@ namespace Umbraco.Web.Security.Identity { var utcNow = DateTime.Now.ToUniversalTime(); ticket.Properties.IssuedUtc = utcNow; - ticket.Properties.ExpiresUtc = utcNow.AddMinutes(_authOptions.LoginTimeoutMinutes); + ticket.Properties.ExpiresUtc = utcNow.AddMinutes(30); var cookieValue = _authOptions.TicketDataFormat.Protect(ticket); var cookieOptions = new CookieOptions { Path = "/", - Domain = _authOptions.CookieDomain ?? "FALSE", - Expires = DateTime.Now.AddMinutes(_authOptions.LoginTimeoutMinutes), + Domain = _authOptions.CookieDomain ?? null, + Expires = DateTime.Now.AddMinutes(30), HttpOnly = true, Secure = _authOptions.CookieSecure == CookieSecureOption.Always || (_authOptions.CookieSecure == CookieSecureOption.SameAsRequest && request.Uri.Scheme.InvariantEquals("https")),