My setup uses claims-based authentication with an SQL membership provider.
I'm trying to get sliding expiration to work.
I added the following method in the global.asax file, based on http://ift.tt/1b7rPjO:
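
    // Raised by the SessionAuthenticationModule each time a session token is read from the cookie.
    protected void SessionAuthenticationModule_SessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e)
    {
        DateTime now = DateTime.UtcNow;
        DateTime validFrom = e.SessionToken.ValidFrom;
        DateTime validTo = e.SessionToken.ValidTo;

        // Midpoint of the token lifetime, computed from the full time span
        // (subtracting the Minute components alone is wrong across an hour boundary).
        DateTime halfway = validFrom.AddTicks((validTo - validFrom).Ticks / 2);

        // Reissue only while the token is still valid and past the midpoint of its lifetime.
        if ((now < validTo) && (now > halfway))
        {
            SessionAuthenticationModule sam = sender as SessionAuthenticationModule;
            // SLIDING_TIMEOUT_VALUE is the timeout in minutes, defined elsewhere in the class.
            e.SessionToken = sam.CreateSessionSecurityToken(e.SessionToken.ClaimsPrincipal, e.SessionToken.Context,
                now, now.AddMinutes(SLIDING_TIMEOUT_VALUE), e.SessionToken.IsPersistent);
            e.ReissueCookie = true;
        }
    }
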
I used Fiddler to monitor the connection and see a new FedAuth cookie sent to the browser whenever the "if" condition is satisfied. The problem is that the session still times out. When I compared the value of re-issued FedAuth to that of the earlier FedAuth, the values were identical even though the times for ValidFrom and ValidTo of the session token should be different.
Why does the value not change? What am I missing?