|
static private IsCookieLess ( |
||
| context | ||
| config | System.Web.Configuration.SessionStateSection | |
| return | bool | |
public string GetSessionID(HttpContext context)
{
string ret = null;
if (SessionStateModule.IsCookieLess(context, config))
{
string tmp = context.Request.Headers [SessionStateModule.HeaderName];
if (tmp != null)
{
ret = Decode(tmp);
}
}
else
{
HttpCookie cookie = context.Request.Cookies [config.CookieName];
if (cookie != null)
{
ret = Decode(cookie.Value);
}
}
if (ret != null && ret.Length > SessionIDMaxLength)
{
throw new HttpException("The length of the session-identifier value retrieved from the HTTP request exceeds the SessionIDMaxLength value.");
}
if (!Validate(ret))
{
throw new HttpException("Invalid session ID");
}
return(ret);
}
// TODO: add code to check whether the response has already been sent
public void SaveSessionID(HttpContext context, string id, out bool redirected, out bool cookieAdded)
{
if (!Validate(id))
{
throw new HttpException("Invalid session ID");
}
HttpRequest request = context.Request;
if (!SessionStateModule.IsCookieLess(context, config))
{
HttpCookie cookie = new HttpCookie(config.CookieName, id);
cookie.Path = request.ApplicationPath;
context.Response.AppendCookie(cookie);
cookieAdded = true;
redirected = false;
}
else
{
request.SetHeader(SessionStateModule.HeaderName, id);
cookieAdded = false;
redirected = true;
UriBuilder newUri = new UriBuilder(request.Url);
newUri.Path = UrlUtils.InsertSessionId(id, request.FilePath);
context.Response.Redirect(newUri.Uri.PathAndQuery, false);
}
}
