Cookie renew ticket if it already exists (#22732)

This commit is contained in:
Hao Kung 2020-06-16 14:51:57 -07:00 committed by GitHub
parent b40b1bb7b2
commit c330c0b37d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 4 deletions

View File

@ -141,12 +141,13 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
{ {
return AuthenticateResult.Fail("SessionId missing"); return AuthenticateResult.Fail("SessionId missing");
} }
_sessionKey = claim.Value; // Only store _sessionKey if it matches an existing session. Otherwise we'll create a new one.
ticket = await Options.SessionStore.RetrieveAsync(_sessionKey); ticket = await Options.SessionStore.RetrieveAsync(claim.Value);
if (ticket == null) if (ticket == null)
{ {
return AuthenticateResult.Fail("Identity missing in session store"); return AuthenticateResult.Fail("Identity missing in session store");
} }
_sessionKey = claim.Value;
} }
var currentUtc = Clock.UtcNow; var currentUtc = Clock.UtcNow;
@ -304,9 +305,14 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
{ {
if (_sessionKey != null) if (_sessionKey != null)
{ {
await Options.SessionStore.RemoveAsync(_sessionKey); // Renew the ticket in cases of multiple requests see: https://github.com/dotnet/aspnetcore/issues/22135
await Options.SessionStore.RenewAsync(_sessionKey, ticket);
} }
_sessionKey = await Options.SessionStore.StoreAsync(ticket); else
{
_sessionKey = await Options.SessionStore.StoreAsync(ticket);
}
var principal = new ClaimsPrincipal( var principal = new ClaimsPrincipal(
new ClaimsIdentity( new ClaimsIdentity(
new[] { new Claim(SessionIdClaim, _sessionKey, ClaimValueTypes.String, Options.ClaimsIssuer) }, new[] { new Claim(SessionIdClaim, _sessionKey, ClaimValueTypes.String, Options.ClaimsIssuer) },