Cookie renew ticket if it already exists (#22732)
This commit is contained in:
parent
b40b1bb7b2
commit
c330c0b37d
|
|
@ -141,12 +141,13 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
||||||
{
|
{
|
||||||
return AuthenticateResult.Fail("SessionId missing");
|
return AuthenticateResult.Fail("SessionId missing");
|
||||||
}
|
}
|
||||||
_sessionKey = claim.Value;
|
// Only store _sessionKey if it matches an existing session. Otherwise we'll create a new one.
|
||||||
ticket = await Options.SessionStore.RetrieveAsync(_sessionKey);
|
ticket = await Options.SessionStore.RetrieveAsync(claim.Value);
|
||||||
if (ticket == null)
|
if (ticket == null)
|
||||||
{
|
{
|
||||||
return AuthenticateResult.Fail("Identity missing in session store");
|
return AuthenticateResult.Fail("Identity missing in session store");
|
||||||
}
|
}
|
||||||
|
_sessionKey = claim.Value;
|
||||||
}
|
}
|
||||||
|
|
||||||
var currentUtc = Clock.UtcNow;
|
var currentUtc = Clock.UtcNow;
|
||||||
|
|
@ -304,9 +305,14 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
||||||
{
|
{
|
||||||
if (_sessionKey != null)
|
if (_sessionKey != null)
|
||||||
{
|
{
|
||||||
await Options.SessionStore.RemoveAsync(_sessionKey);
|
// Renew the ticket in cases of multiple requests see: https://github.com/dotnet/aspnetcore/issues/22135
|
||||||
|
await Options.SessionStore.RenewAsync(_sessionKey, ticket);
|
||||||
}
|
}
|
||||||
_sessionKey = await Options.SessionStore.StoreAsync(ticket);
|
else
|
||||||
|
{
|
||||||
|
_sessionKey = await Options.SessionStore.StoreAsync(ticket);
|
||||||
|
}
|
||||||
|
|
||||||
var principal = new ClaimsPrincipal(
|
var principal = new ClaimsPrincipal(
|
||||||
new ClaimsIdentity(
|
new ClaimsIdentity(
|
||||||
new[] { new Claim(SessionIdClaim, _sessionKey, ClaimValueTypes.String, Options.ClaimsIssuer) },
|
new[] { new Claim(SessionIdClaim, _sessionKey, ClaimValueTypes.String, Options.ClaimsIssuer) },
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue