I am using Dot Net 8 Blazor Interactive server with default authentication provided by the template.The default authentication template uses IdentityRevalidatingAuthenticationStateProvider and a default setup.
I tinkered around a bit, and after setting application cookie expire time to 1 min and RevalidationInterval to 1 min also, to see what happens - I found out that unless I refresh the page, the cookie is being deleted from the application cookie storage, but the user is not being logged out or (with viewed through debug) is being kept IsAuthenticated to true.
How would I go about either refreshing, or on page navigation, if the cookie is gone or timed out, logout the user.
Edit:My auth state:
internal sealed class IdentityRevalidatingAuthenticationStateProvider( ILoggerFactory loggerFactory, IServiceScopeFactory scopeFactory, IOptions<IdentityOptions> options) : RevalidatingServerAuthenticationStateProvider(loggerFactory){ protected override TimeSpan RevalidationInterval => TimeSpan.FromMinutes(1); protected override async Task<bool> ValidateAuthenticationStateAsync( AuthenticationState authenticationState, CancellationToken cancellationToken) { // Get the user manager from a new scope to ensure it fetches fresh data await using var scope = scopeFactory.CreateAsyncScope(); var userManager = scope.ServiceProvider.GetRequiredService<UserManager<ApplicationUser>>(); return await ValidateSecurityStampAsync(userManager, authenticationState.User); } private async Task<bool> ValidateSecurityStampAsync(UserManager<ApplicationUser> userManager, ClaimsPrincipal principal) { var user = await userManager.GetUserAsync(principal); if (user is null) { return false; } else if (!userManager.SupportsUserSecurityStamp) { return true; } else { var principalStamp = principal.FindFirstValue(options.Value.ClaimsIdentity.SecurityStampClaimType); var userStamp = await userManager.GetSecurityStampAsync(user); return principalStamp == userStamp; } } }my cookie configuration
builder.Services.AddAuthentication(options =>{ options.DefaultScheme = IdentityConstants.ApplicationScheme; options.DefaultSignInScheme = IdentityConstants.ExternalScheme;}).AddIdentityCookies(o =>{}); builder.Services.ConfigureApplicationCookie(options =>{ options.Cookie.HttpOnly = true; options.ExpireTimeSpan = TimeSpan.FromMinutes(1); options.SlidingExpiration = true; });It is worth noting that all my pages are Interactive including the Nav menu, login menu. I am achieving login and logout using a middleware.