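/// <summary>
/// Handles a login form post: looks the user up by e-mail and password, creates an
/// auth token for them, and issues an encrypted forms-authentication cookie.
/// </summary>
/// <param name="model">Posted login form; <c>Email</c> and <c>Password</c> are read from it.</param>
/// <returns>
/// A redirect to the home index on success, or back to the login action when the
/// model is missing or the lookup returns no user.
/// </returns>
public virtual async Task<ActionResult> Login(UserLoginModel model)
{
    // Ticket/cookie lifetime in minutes (value kept from the original code).
    const int TicketLifetimeMinutes = 999;

    // A missing model is handled like a failed login rather than surfacing a NullReferenceException.
    if (model == null)
    {
        return RedirectToAction(MVC.Account.Actions.Login());
    }

    // The awaits below resume on the request context (no ConfigureAwait(false)) because
    // the rest of the action reads and writes request/response state.
    var user = await UserCore.GetByEmailAndPasswordAsync(model.Email, model.Password);
    if (user == null)
    {
        // A null result is treated as a failed login; the redirect is identical in every
        // failure case, so the response does not reveal which check failed.
        return RedirectToAction(MVC.Account.Actions.Login());
    }

    var token = await AuthTokenCore.CreateAsync(new AuthToken { UserId = user.Id });

    // NOTE(review): this empties the server-side request cookie collection only. It does not
    // tell the browser to delete anything, so cookies from an earlier session are sent again
    // on the next request. If the intent is a fresh session, expire them through the response.
    HttpContext.Request.Cookies.Clear();

    // Capture the issue time once so the issue date and the expiry derive from the same instant.
    var issuedAt = DateTime.Now;
    var ticket = new FormsAuthenticationTicket(
        1,
        model.Email,
        issuedAt,
        issuedAt.AddMinutes(TicketLifetimeMinutes),
        false,
        $"{token.Id}#{Guid.NewGuid()}#{token.Id}",
        FormsAuthentication.FormsCookiePath);

    var encryptedTicket = FormsAuthentication.Encrypt(ticket);

    // NOTE(review): the ticket is created with isPersistent = false, yet Expires is set on the
    // cookie, which makes the browser keep it across restarts until it expires - confirm
    // which of the two is intended.
    var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
    {
        Expires = ticket.Expiration,
        Path = FormsAuthentication.FormsCookiePath,
        // Keep the authentication cookie out of reach of client-side script.
        HttpOnly = true,
        // Follow the forms-authentication requireSSL setting so the cookie is sent over
        // HTTPS only when the application is configured that way.
        Secure = FormsAuthentication.RequireSSL
    };
    Response.Cookies.Add(authCookie);

    return RedirectToAction(MVC.Home.Actions.Index());
}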