Merge pull request #11 from Intrepiware/extend-login-timeout

Extend login timeout to 1 year

WorkoutBuilder.Services/Impl/AuthenticationService.cs

@@ -22,7 +22,8 @@ public async Task<bool> Login(string username, string password)
                 var claims = GetClaims(user);
                 var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
                 var principal = new ClaimsPrincipal(identity);
-                await HttpContextAccessor.HttpContext.SignInAsync(principal);
+                await HttpContextAccessor.HttpContext.SignInAsync(principal, 
+                    new AuthenticationProperties { IsPersistent = true, ExpiresUtc = DateTime.UtcNow.AddDays(365) });
                 return true;
             }
 

WorkoutBuilder/Program.cs

@@ -3,6 +3,7 @@
 using BotDetect.Web;
 using Microsoft.AspNetCore.Server.Kestrel.Core;
 using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.Options;
 using WorkoutBuilder.Data;
 using WorkoutBuilder.IOC;
 using WorkoutBuilder.Middleware;
@@ -37,7 +38,11 @@ public static void Main(string[] args)
                     .AddCookie("CookieAuth", config =>
                     {
                         config.Cookie.Name = "WorkoutBuild";
-                        config.LoginPath = "/Users/Login";
+                        config.LoginPath = "/Users/Login"; 
+                        config.Cookie.HttpOnly = true;
+                        config.Cookie.IsEssential = true;
+                        config.Cookie.SameSite = SameSiteMode.Strict;
+                        config.Cookie.SecurePolicy = CookieSecurePolicy.Always;
                     });
 
             // This setting allows the CAPTCHA to generate images