I'm trying to implement sliding session expiration. I'm using Windows Azure ACS, .Net 4.5, WIF. When I first receive the token, what I'm doing is setting its default expiration time to 2 hours and write that token into cookie as shown in the code below:
internal void SetSession(ClaimsPrincipal principal)
{
var sessionToken = new SessionSecurityToken(principal, TimeSpan.FromMinutes(120));
FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionToken);
Thread.CurrentPrincipal = principal;
}
At this time, if I check the ValidFrom
and ValidTo
properties of the sessionToken
variable, I get proper values as shown in the screenshot below:
Now to implement sliding session expiration, I am handling SessionAuthenticationModule_SessionSecurityTokenReceived
event in my Global.asax
file as shown below:
void SessionAuthenticationModule_SessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e)
{
var sessionToken = e.SessionToken;
}
However when I check the ValidFrom
and ValidTo
properties of the token, it's not what I set when I was writing the token as the cookie as shown in the screenshot below:
Not sure why this is happening. Can anybody please explain what I'm doing wrong.
UPDATE:
Here's one interesting thing I noticed. The way I've implemented sliding session is that I check token's ValidTo
property and compare that with current date/time (in UTC). If the difference is less than 5 minutes, I increase the ValidTo
time by 2 hours and reissue the cookie as shown in the code below:
void SessionAuthenticationModule_SessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e)
{
var sessionToken = e.SessionToken;
var currentDateTime = DateTime.UtcNow.Ticks;
var sessionExpirationDateTime = sessionToken.ValidTo.Ticks;
if (sessionExpirationDateTime >= currentDateTime)
{
var renewTokenWindow = 5 * 60 * 1000;//5 minutes
TimeSpan ts = new TimeSpan(sessionExpirationDateTime - currentDateTime);
if (ts.TotalMilliseconds < renewTokenWindow)
{
var newSessionTokenExpiry = sessionToken.ValidTo.AddMinutes(120);
//Renew token
SessionAuthenticationModule sam = sender as SessionAuthenticationModule;
var newSessionToken = sam.CreateSessionSecurityToken(sessionToken.ClaimsPrincipal, sessionToken.Context, sessionToken.ValidFrom, newSessionTokenExpiry, sessionToken.IsPersistent);
e.SessionToken = newSessionToken;
e.ReissueCookie = true;
}
}
}
Now after that if I check the value of ValidTo
property in subsequent requests, it is actually honoring the value I'm setting as shown below. And this value gets persisted request after request i.e. once I reissue the token, everything works well.
Thinktecture IdentityModel has an implementation, so you can either reference the package via NuGet or you can just copy the source code:
http://brockallen.com/2013/02/17/sliding-sessions-in-wif-with-the-session-authentication-module-sam-and-thinktecture-identitymodel/
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With