c# - ServiceStack RequiredRole is resetting my expiry (time to live) to 2 weeks -

i using servicestack redis store sessions. session expiry set on per user basis. it's working expect these specific service methods, having side effect of changing ttl (time live) default of 2 weeks when use [requiredrole(roles.admin)], using [authenticate] isn't problem.

using repositories.dto; using servicestack; using servicestack.auth;  namespace webapi.controllers {     public class registrationservice : registerservice     {         private readonly registrationrepo _repo;          public registrationservice(registrationrepo repo)         {             _repo = repo;         }          [authenticate] // no problems         public object put(registrationrequest registration)         {             var result = _repo.updateuser(registration.user);              return new             {                 user = result             };         }          [authenticate]         [requiredrole(roles.admin)] //problems. expiry resets 2 weeks         public object post(registrationrequest registration)         {             var result = _repo.updateuser(registration.user);              return new             {                 user = result             };         } 

i set sessionexpiry in onauthenticated of custom credentialsauthprovider class, , don't manually change sessionexpiry other place in app (no sliding session expirations @ time - pun intended).

any appreciated!

every time session saved it's saved again default session expiry can specify on top-level authfeature.sessionexpiry temp sessions or authfeature.permanentsessionexpiry permanent (remember me) sessions.

you can intercept each time session saved , change session expiry it's saved overriding onsavesession in apphost:

public override void onsavesession(     irequest httpreq, iauthsession session, timespan? expiresin = null) {     var customexpiry = ...     base.onsavesession(httpreq, session, customexpiry); }