ASP.Net MVC Core 3.0.3
The issues lies with the IsPersistent flag not being respected when deployed to the the service provider.
Locally, the code works as expected (When session is closed with IsPersistent set to false, you're logged out, if it's true, you are logged back in when you open a new session).
I've checked that the flag passed is correct (the Input.RememberMe flag)
signInManager.PasswordSignInAsync(Input.Email, Input.Password, Input.RememberMe, lockoutOnFailure: true);
The Startup.cs code that deals with cookies:
services.ConfigureApplicationCookie(options=>
{
options.SlidingExpiration = true;
options.ExpireTimeSpan = TimeSpan.FromDays(365);
});
(I tried this after reading this answer, but it didn't change the logout behaviour (even though I can see the cookie and it expires in a year, the user is still not logged in after opening a new session on the production environment).
As well as the auth configuration:
services.AddDbContext<MyContext>(options =>
options.UseSqlServer(
Configuration.GetConnectionString("MyConnections")));
services.AddDefaultIdentity<Areas.Identity.Data.MyUser>()
.AddRoles<IdentityRole>()
.AddEntityFrameworkStores<MyContext>();
I'm not sure if there's something on the server side that could be affecting this, and how much I can change from the plesk interface (this is one of those cheaper ASP.NET hosting providers).
I've also looked at this answer, but unfortunately it's linking to the new shutdown codeplex.
