为什么使用 Owin 时 cookie 的过期日期是 'Session'

Why is cookie's expiration date is 'Session' when using Owin

我的网络应用程序是 MVC5。我正在调用 IdentityServer4 应用程序的 url 以在登录时对用户进行身份验证。 这是我的应用程序

中 Startup class 的 ConfigureAuth 方法
public void ConfigureAuth(IAppBuilder app)
    {
        JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();            

        var authority = LayeredConfiguration.GetValue("HydraInsuranceWeb-UserManagement-Authority");
        var redirectUri = LayeredConfiguration.GetValue("HydraInsuranceWeb-UserManagement-RedirectUri");

        app.UseCookieAuthentication(new CookieAuthenticationOptions {
            AuthenticationType = "Cookies",
            SlidingExpiration = false,
            ExpireTimeSpan = System.TimeSpan.FromMinutes(2),
            CookieName = "MyTestCookie"
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            Authority = authority,
            ClientId = AuthConstants.InsuranceWebClientId,
            Scope = "openid profile user.management hydra.eventhistory.api",
            RedirectUri = redirectUri,
            ResponseType = "code id_token",

            SignInAsAuthenticationType = "Cookies",
            UseTokenLifetime = false,

            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                SecurityTokenValidated = n =>
                {
                    try
                    {
                        var transformedHydraIdentity = new HydraIdentityBuilder(n.AuthenticationTicket.Identity)
                                .AllowSecurityAdmin()
                                .IncludeRoleProfiles()
                                .IncludeIdToken(n.ProtocolMessage.IdToken)
                                .IncludeStandardClaims()
                                .Build();

                        n.AuthenticationTicket = new Microsoft.Owin.Security.AuthenticationTicket(
                            transformedHydraIdentity,
                            n.AuthenticationTicket.Properties);
                    }
                    catch (Exception ex)
                    {
                        n.HandleResponse();
                        n.Response.Redirect("/Error/NoAuthorization");

                        DiagnosticService.Writer.AddError("Authentication Error", ex);
                    }

                    return Task.FromResult(0);
                },
            }
        });
    }        

登录后,cookie 的有效期总是"Session",而不是当前时间加 2 分钟。

但我的预期是cookie的过期时间是一个特定的日期时间,应该是当前时间加上2分钟。如果用户2分钟内没有操作,则跳转到登录页面。

有人知道这个问题吗?请告诉我如何调查或调试以了解为什么更改 cookie 的过期时间。

并且有 2 个 cookie:.AspNet.CookiesMyTestCookie。哪个 cookie 用于验证用户?

登录时需要将IsPersistent设置为True

AuthenticationManager.SignIn(new AuthenticationProperties{ IsPersistent = true, ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(30)}, userIdentity);