From 22c842f2e5b28641cc082151044e7b9ffdab7bfd Mon Sep 17 00:00:00 2001
From: Shannon <sdeminick@gmail.com>
Date: Tue, 2 Jun 2020 14:51:27 +1000
Subject: [PATCH] fixes service registration

---
 src/Umbraco.Web.BackOffice/Runtime/BackOfficeComposer.cs   | 4 ++--
 .../Security/BackOfficeSessionIdValidator.cs               | 7 ++++++-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/Umbraco.Web.BackOffice/Runtime/BackOfficeComposer.cs b/src/Umbraco.Web.BackOffice/Runtime/BackOfficeComposer.cs
index 2d6a46d903..ccbec26f4a 100644
--- a/src/Umbraco.Web.BackOffice/Runtime/BackOfficeComposer.cs
+++ b/src/Umbraco.Web.BackOffice/Runtime/BackOfficeComposer.cs
@@ -16,8 +16,8 @@ namespace Umbraco.Web.BackOffice.Runtime
         {
             composition.RegisterUnique<BackOfficeAreaRoutes>();
             composition.RegisterUnique<BackOfficeServerVariables>();
-            composition.RegisterUnique<BackOfficeSessionIdValidator>();
-            composition.RegisterUnique<BackOfficeSecurityStampValidator>();
+            composition.Register<BackOfficeSessionIdValidator>(Lifetime.Request);
+            composition.Register<BackOfficeSecurityStampValidator>(Lifetime.Request);
 
             composition.RegisterUnique<IBackOfficeAntiforgery, BackOfficeAntiforgery>();
         }
diff --git a/src/Umbraco.Web.BackOffice/Security/BackOfficeSessionIdValidator.cs b/src/Umbraco.Web.BackOffice/Security/BackOfficeSessionIdValidator.cs
index 70bcf57954..fdf630e01c 100644
--- a/src/Umbraco.Web.BackOffice/Security/BackOfficeSessionIdValidator.cs
+++ b/src/Umbraco.Web.BackOffice/Security/BackOfficeSessionIdValidator.cs
@@ -19,14 +19,19 @@ namespace Umbraco.Web.BackOffice.Security
     using ICookieManager = Microsoft.AspNetCore.Authentication.Cookies.ICookieManager;
 
     /// <summary>
-    /// Static helper class used to configure a CookieAuthenticationProvider to validate a cookie against a user's session id
+    /// Used to validate a cookie against a user's session id
     /// </summary>
     /// <remarks>
+    /// <para>
     /// This uses another cookie to track the last checked time which is done for a few reasons:
     /// * We can't use the user's auth ticket to do this because we'd be re-issuing the auth ticket all of the time and it would never expire
     ///     plus the auth ticket size is much larger than this small value
     /// * This will execute quite often (every minute per user) and in some cases there might be several requests that end up re-issuing the cookie so the cookie value should be small
     /// * We want to avoid the user lookup if it's not required so that will only happen when the time diff is great enough in the cookie
+    /// </para>
+    /// <para>
+    /// This is a scoped/request based object.
+    /// </para>
     /// </remarks>
     public class BackOfficeSessionIdValidator
     {