Class BackOfficeSessionIdValidator

Namespace

Umbraco.Cms.Web.BackOffice.Security

Assembly

Umbraco.Web.BackOffice.dll

Used to validate a cookie against a user's session id

public class BackOfficeSessionIdValidator

Inheritance

object

BackOfficeSessionIdValidator

Inherited Members

object.GetType()

object.MemberwiseClone()

object.ToString()

object.Equals(object)

object.Equals(object, object)

object.ReferenceEquals(object, object)

object.GetHashCode()

Remarks

This uses another cookie to track the last checked time which is done for a few reasons: * We can't use the user's auth ticket to do this because we'd be re-issuing the auth ticket all of the time and it would never expire plus the auth ticket size is much larger than this small value * This will execute quite often (every minute per user) and in some cases there might be several requests that end up re-issuing the cookie so the cookie value should be small * We want to avoid the user lookup if it's not required so that will only happen when the time diff is great enough in the cookie

This is a scoped/request based object.

Constructors

BackOfficeSessionIdValidator(ISystemClock, IOptionsSnapshot<GlobalSettings>, IBackOfficeUserManager)

Initializes a new instance of the BackOfficeSessionIdValidator class.

public BackOfficeSessionIdValidator(ISystemClock systemClock, IOptionsSnapshot<GlobalSettings> globalSettings, IBackOfficeUserManager userManager)

Parameters

systemClock ISystemClock

globalSettings IOptionsSnapshot<GlobalSettings>

userManager IBackOfficeUserManager

Fields

CookieName

public const string CookieName = "UMB_UCONTEXT_C"

Field Value

string

Methods

ValidateSessionAsync(TimeSpan, CookieValidatePrincipalContext)

public Task ValidateSessionAsync(TimeSpan validateInterval, CookieValidatePrincipalContext context)

Parameters

validateInterval TimeSpan

context CookieValidatePrincipalContext

Returns

Task