diff --git a/src/Umbraco.Web.BackOffice/Runtime/BackOfficeComposer.cs b/src/Umbraco.Web.BackOffice/Runtime/BackOfficeComposer.cs
index 2d6a46d903..ccbec26f4a 100644
--- a/src/Umbraco.Web.BackOffice/Runtime/BackOfficeComposer.cs
+++ b/src/Umbraco.Web.BackOffice/Runtime/BackOfficeComposer.cs
@@ -16,8 +16,8 @@ namespace Umbraco.Web.BackOffice.Runtime
 {
 composition.RegisterUnique();
 composition.RegisterUnique();
- composition.RegisterUnique();
- composition.RegisterUnique();
+ composition.Register(Lifetime.Request);
+ composition.Register(Lifetime.Request);
 composition.RegisterUnique();
 }
diff --git a/src/Umbraco.Web.BackOffice/Security/BackOfficeSessionIdValidator.cs b/src/Umbraco.Web.BackOffice/Security/BackOfficeSessionIdValidator.cs
index 70bcf57954..fdf630e01c 100644
--- a/src/Umbraco.Web.BackOffice/Security/BackOfficeSessionIdValidator.cs
+++ b/src/Umbraco.Web.BackOffice/Security/BackOfficeSessionIdValidator.cs
@@ -19,14 +19,19 @@ namespace Umbraco.Web.BackOffice.Security
 using ICookieManager = Microsoft.AspNetCore.Authentication.Cookies.ICookieManager;
 ///
- /// Static helper class used to configure a CookieAuthenticationProvider to validate a cookie against a user's session id
+ /// Used to validate a cookie against a user's session id
 ///
 ///
+ ///
 /// This uses another cookie to track the last checked time which is done for a few reasons:
 /// * We can't use the user's auth ticket to do this because we'd be re-issuing the auth ticket all of the time and it would never expire
 /// plus the auth ticket size is much larger than this small value
 /// * This will execute quite often (every minute per user) and in some cases there might be several requests that end up re-issuing the cookie so the cookie value should be small
 /// * We want to avoid the user lookup if it's not required so that will only happen when the time diff is great enough in the cookie
+ ///
+ ///
+ /// This is a scoped/request based object.
+ ///
 ///
 public class BackOfficeSessionIdValidator
 {
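Review bot: The two registrations switched from `RegisterUnique` to `Register(Lifetime.Request)` in the BackOfficeComposer.cs hunk are now request-scoped, and nothing in this diff shows their consumers being adjusted, so any singleton that takes them by constructor injection (cookie authentication options or events are typically configured once) would either fail scope validation or keep one instance alive across different users' requests. The generic type arguments are not visible on this page; the new remark in BackOfficeSessionIdValidator.cs suggests that validator is one of them. I would add a comment above the two lines, `// Request-scoped: resolve via HttpContext.RequestServices per request; do not inject into singleton options/events`, and extend the validator's remark to say the same. It is also worth confirming that dropping `RegisterUnique` does not change how downstream composers replace these services. The enclosing Compose method begins outside the hunk.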