public void OnAuthorization(AuthorizationFilterContext context)
{
if (context.ActionDescriptor.GetCustomMethodAttribute <AllowWithoutSession>() == null)
{
if (!context.HttpContext.Request.Headers.TryGetSessionId(out var sessionId))
{
throw new InvalidSessionException("No \"SessionId\" set in the token's claims.");
}
if (!_sessionTracker.IsActive(sessionId))
{
throw new InvalidSessionException($"Session with id \"{sessionId}\" is not active.");
}
_sessionTracker.SetLastActive(sessionId, DateTime.UtcNow);
}
}