I want to log out users of my MVC application automatically after 2 days, or when they close the browser. My authentication is cookie-based, and I am using the ASP.NET Identity framework.
As far as I understand, cookies can either be persistent (with a fixed expiration date) or have a session lifetime (being cleared on browser close).
So if I make a persistent cookie I can make it expire after 2 days, but it will survive a browser close (which I don't want).
And if I make a session cookie it will never expire if the user does not close the browser.
Is there a way to get the best of both worlds in my MVC application? A cookie that will expire either on browser close or after x time, whichever comes first?
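
One way to get both limits, shown as an added example that is not part of the original post: issue a session cookie (no `Expires` attribute) and let the server enforce the 2-day limit through the expiry stored inside the encrypted authentication ticket. It assumes the OWIN cookie middleware (`Microsoft.Owin.Security.Cookies`) that ASP.NET Identity 2.x uses in MVC 5; the `/Account/Login` path and the `SignInHelper` class are hypothetical names.

```csharp
using System;
using System.Security.Claims;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"), // assumed route

            // Absolute lifetime of the ticket. The middleware writes the expiry
            // into the encrypted ticket and rejects the ticket after that time,
            // whether or not the browser still holds the cookie.
            ExpireTimeSpan = TimeSpan.FromDays(2),

            // Keep the 2-day limit absolute; with sliding expiration an active
            // user would have the ticket renewed and never be logged out.
            SlidingExpiration = false,

            CookieHttpOnly = true,
            CookieSecure = CookieSecureOption.Always
        });
    }
}

// Hypothetical helper showing the sign-in side.
public static class SignInHelper
{
    public static void SignIn(IAuthenticationManager auth, ClaimsIdentity identity)
    {
        // IsPersistent = false: the Set-Cookie header carries no Expires
        // attribute, so the browser treats it as a session cookie and drops it
        // on close. The ticket inside still expires after ExpireTimeSpan.
        var props = new AuthenticationProperties { IsPersistent = false };
        auth.SignIn(props, identity);
    }
}
```

Browsers configured to restore the previous session on startup can keep session cookies across a restart, so the server-side ticket expiry is the only limit that is actually enforced.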