yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
21,935 Commits 4 Branches 7 Tags
ce2e8a147e3d58366aec71af544e3696ead4123c
Commit Graph

10 Commits

Author SHA1 Message Date
Shannon
78f6b8d8bc Fixes up more the the session id validation, makes sure that the GetUserSecondsMiddleWare also validates the session since this is what keeps the user logged in if that option is being used. 2017-11-08 23:57:17 +11:00
Shannon
782d6100f0 Gets user session management tracking via the database including detecting stale sessions, generating and removing them along with cleaning them up. This takes into account legacy code too. The session is revalidated on a one minute threshold per user so that it's not hammering the databse on every request. 2017-11-03 17:27:23 +11:00
Shannon
b74cab6f0b U4-7538 GetRemainingTimeoutSeconds is double setting the cookie in 7.4 2015-12-15 16:56:31 +01:00
Shannon
c4860a490f Ensures that GetUserSecondsMiddleWare uses the SystemClock for UTC Now, ensures that it only extends the ticket when necessary and not everytime this middleware is called - the same logic that OWIN normally renews tickets with, this means the cookie is not written everytime this request is made. 2015-11-27 16:43:02 +01:00
Shannon
8e6bbc3df9 Ensures that written cookies are done so consistently based on the UmbracoBackOfficeCookieAuthOptions. Ensures that when a webforms page requests token renewal that the token is not always renewed for the request, it checks if the tokens expiry correctly and only renews when necessary so the cookie is not written each time. Fixes the ForceRenewalCookieAuthenticationHandler to only write a cookie if the request is for a request that is not normally auth'd (i.e. is a webforms form that exists outside the normal /umbraco path ... legacy). 2015-11-27 16:25:39 +01:00
Shannon
555b520a0c Cleans up the usages of auth cookies. OWIN is in charge of auth cookies but because we have Webforms, WebApi, MVC and OWIN, they all like to deal with cookies differently. OWIN should still be solely in charge of the auth cookies, so the auth extensions are cleaned up, the renewal now works by queuing the renewal and we have custom middleware detect if a force renewal has been queued and we renew the auth cookie there. Have obsoleted a few methods that should not be used that write auth tickets directly (this is purely for backwards compat with webforms). All of these changes now ensure that the auth cookie is renewed consistently between Webforms, WebApi, MVC and OWIN. Some changes also include ensuring that OWIN is used to sign out. 2015-11-19 18:12:21 +01:00
Shannon
71ec09486d Reverts the 'fix' from U4-7118 since it is incorrect. Updates the sliding expiration of the cookie/ticket when the user is supposed to be always logged in to 30 minutes in case the timeout is actually set very low in config. 2015-11-19 14:17:06 +01:00
m_stodd
7abbfbcfcc Setting UMB_CONTEXT with Domain "FALSE" 
Running Umbraco on localhost, Chrome does not handle received 'Set Cookie's with no domain.  "FALSE" works as noted here:  http://stackoverflow.com/questions/1134290/cookies-on-localhost-with-explicit-domain
 2015-09-18 02:13:12 -05:00
Shannon
b0fb892b16 Fixes: U4-6736 Log "logout" from Umbraco and also ensures logging is occuring on timeout, logout, login all with Identity stuff. 2015-07-23 12:03:50 +02:00
Shannon
7c96f95491 Fixes: U4-6723 User timeout in the back office is an issue with new ASP.Net identity implementation 2015-06-18 19:16:49 +02:00