From 2bb8b02233c837ab098f1a52d1a22b131343d7db Mon Sep 17 00:00:00 2001
From: Shannon
Date: Tue, 23 Feb 2021 11:28:42 +1100
Subject: [PATCH] adds notes
---
 src/Umbraco.Web/Security/AppBuilderExtensions.cs | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/Umbraco.Web/Security/AppBuilderExtensions.cs b/src/Umbraco.Web/Security/AppBuilderExtensions.cs
index a8dd84ef54..23afc36f93 100644
--- a/src/Umbraco.Web/Security/AppBuilderExtensions.cs
+++ b/src/Umbraco.Web/Security/AppBuilderExtensions.cs
@@ -171,10 +171,17 @@ namespace Umbraco.Web.Security
 // change a password or add an external login to your account.
 OnValidateIdentity = context =>
 {
+ // capture the current ticket for the request
 var identity = context.Identity;
 return SecurityStampValidator
 .OnValidateIdentity(
+ // This will re-verify the security stamp at a throttled 30 mins
+ // (the standard/default set in aspnet identity).
+ // This ensures that if the security stamp has changed - i.e. passwords,
+ // external logins, or other security profile data changed behind the
+ // scenes while being logged in, that they are logged out and have
+ // to re-verify their identity.
 TimeSpan.FromMinutes(30),
 async (manager, user) =>
 {
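Review bot: The new comment above `TimeSpan.FromMinutes(30)` reads as if a changed security stamp logs the user out straight away, but with a 30-minute validation interval an already-issued cookie can keep working for up to 30 minutes after a password change or a removed external login. I would state that window in the comment, e.g. `// Note: a session issued before the stamp changed stays valid until its next re-validation, i.e. for up to 30 minutes.` The interval is a hard-coded literal in this hunk; whether it can be configured elsewhere is not visible here, so a named constant or setting may be worth considering. On wording, `context.Identity` looks like the identity rather than the ticket, and "i.e. passwords" should be "e.g. passwords". The lambda body continues past the end of the hunk, so the rest of the validation callback is not covered by this note.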