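/// <summary>
/// Invalidate the old session after copying all of its contents to a newly created session with a new session id.
/// Note that this is different from logging out and creating a new session identifier that does not contain the
/// existing session contents. Care should be taken to use this only when the existing session does not contain
/// hazardous contents.
/// </summary>
/// <returns>The invalidated session.</returns>
/// <seealso cref="Owasp.Esapi.Interfaces.IHttpUtilities.ChangeSessionIdentifier()"></seealso>
public IHttpSession ChangeSessionIdentifier()
{
    // Resolve the authenticator once instead of three times; the request was never used.
    Authenticator authenticator = (Authenticator)Esapi.Authenticator();
    IHttpResponse response = authenticator.CurrentResponse;
    IHttpSession session = authenticator.CurrentSession;

    // Snapshot the session content before abandoning it.
    IDictionary temp = new Hashtable();
    IEnumerator e = session.GetEnumerator();
    while (e != null && e.MoveNext())
    {
        string name = (string)e.Current;
        temp[name] = session[name];
    }

    // Invalidate the old session and clear the id cookie so a new id is issued on the next request.
    // This hack comes from here: http://support.microsoft.com/?kbid=899918
    // NOTE(review): the content is copied back into the abandoned session object below; whether it
    // survives into the session that gets the new id depends on the session provider — confirm.
    session.Abandon();
    response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));

    // Copy the snapshot back; Hashtable enumerates DictionaryEntry values directly.
    foreach (DictionaryEntry entry in temp)
    {
        session.Add((string)entry.Key, entry.Value);
    }

    return session;
}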
/// <summary> /// Authenticates the user with a given password. /// </summary> /// <param name="password">The password to use for authentication.</param> /// <seealso cref="Owasp.Esapi.Interfaces.IUser.LoginWithPassword(string)"> /// </seealso> public void LoginWithPassword(string password) { if (password == null || password.Equals("")) { SetLastFailedLoginTime(DateTime.Now); throw new AuthenticationLoginException("Login failed", "Missing password: "******"Login failed", "Disabled user attempt to login: "******"Login failed", "Locked user attempt to login: "******"Login failed", "Expired user attempt to login: "******"User logged in: " + accountName); } else { throw new AuthenticationLoginException("Login failed", "Login attempt as " + AccountName + " failed"); } } catch (EncryptionException ee) { throw new AuthenticationException("Internal error", "Error verifying password for " + accountName, ee); } }
/// <summary>
/// Returns the <see cref="Cart"/> stored under "shoppingCart" in the session,
/// storing a fresh empty cart first when none is present.
/// </summary>
/// <param name="session">The session to read from and, if needed, write to.</param>
/// <returns>The cart held by the session.</returns>
private Cart GetCartFromSession(IHttpSession session)
{
    const string cartKey = "shoppingCart";

    bool hasCart = session.Contains(cartKey);
    if (!hasCart)
    {
        session.Add(cartKey, new Cart());
    }

    return session.Get<Cart>(cartKey);
}
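/// <summary>
/// Stores the first greeting field still missing from the session (first name, then last name, then age)
/// from the posted form, then redirects back to "/greeting".
/// </summary>
/// <param name="request">The incoming request; its session and form data are read.</param>
/// <returns>A redirect to "/greeting".</returns>
public IHttpResponse Greeting(IHttpRequest request)
{
    IHttpSession session = request.Session;
    Dictionary<string, string> formData = request.FormData;

    // Only the first field that is still missing is filled in per request,
    // mirroring the original if / else-if chain.
    foreach (string field in new[] { "firstName", "lastName", "age" })
    {
        if (session.Get(field) != null)
        {
            continue;
        }

        // The form is untrusted input: a missing key must not throw KeyNotFoundException
        // (surfacing as a server error); the field is simply not stored this round.
        if (formData.TryGetValue(field, out string value))
        {
            session.Add(field, value);
        }

        break;
    }

    return new RedirectResponse("/greeting");
}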
/// <summary>
/// Gets the current <see cref="ShoppingCart"/> from the session, creating and storing
/// a new one under <c>CurrentShoppingCartSessionKey</c> when none is present.
/// </summary>
/// <param name="session">The session to read from and, if needed, write to.</param>
/// <returns>The cart held by the session.</returns>
public static ShoppingCart GetShoppingCart(this IHttpSession session)
{
    ShoppingCart cart = session.Get<ShoppingCart>(CurrentShoppingCartSessionKey);
    if (cart != null)
    {
        return cart;
    }

    cart = new ShoppingCart();
    session.Add(CurrentShoppingCartSessionKey, cart);
    return cart;
}
// GET /testsession
/// <summary>
/// Records the UTC time of the first visit under "saved_date" in the session and renders it.
/// </summary>
/// <param name="req">The incoming request; its session is read and possibly written.</param>
/// <returns>An OK view response showing the saved date.</returns>
public IHttpResponse SessionTest(IHttpRequest req)
{
    const string sessionDateKey = "saved_date";
    IHttpSession session = req.Session;

    bool firstVisit = session.Get(sessionDateKey) == null;
    if (firstVisit)
    {
        session.Add(sessionDateKey, DateTime.UtcNow);
    }

    DateTime savedDate = (DateTime)session.Get(sessionDateKey);
    SessionTestView view = new SessionTestView(savedDate);
    return new ViewResponse(HttpStatusCode.Ok, view);
}
/// <summary>
/// Records the UTC time under "Logged_in" in the session on first call and renders it.
/// </summary>
/// <param name="request">The incoming request; its session is read and possibly written.</param>
/// <returns>An OK view response showing the stored time.</returns>
public IHttpResponse SessionTest(IHttpRequest request)
{
    const string loggedInKey = "Logged_in";
    IHttpSession session = request.Session;

    bool notYetStored = session.GetParameter(loggedInKey) == null;
    if (notYetStored)
    {
        session.Add(loggedInKey, DateTime.UtcNow);
    }

    DateTime storedTime = (DateTime)session.GetParameter(loggedInKey);
    return new ViewResponse(HttpStatusCode.OK, new SessionTestView(storedTime));
}
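/// <summary>
/// Authenticates the posted credentials; on success stores the user in the session and redirects home,
/// otherwise re-renders the login page.
/// </summary>
/// <param name="session">The current session; receives the user under <c>SessionStore.CurrentUserKey</c>.</param>
/// <param name="formData">The posted form; expected to contain "email" and "password".</param>
/// <returns>A redirect to "/" on success, otherwise the "Account/login" view.</returns>
public IHttpResponse Login(IHttpSession session, Dictionary<string, string> formData)
{
    // The form is untrusted input: a request missing either field must not throw
    // KeyNotFoundException; it is treated as a failed login instead.
    if (!formData.TryGetValue("email", out string email) ||
        !formData.TryGetValue("password", out string password))
    {
        return this.FileViewResponse("Account/login");
    }

    LoginViewModel user = this.userService.GetByMailAndPass(email, password);
    if (user == null)
    {
        return this.FileViewResponse("Account/login");
    }

    // NOTE(review): nothing here regenerates the session id on successful login; confirm the
    // framework does so, otherwise the pre-login id is carried over (session fixation risk).
    session.Add(SessionStore.CurrentUserKey, user);
    return new RedirectResponse("/");
}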
/// <summary>
/// Logs a user in with the posted username (or e-mail) and password.
/// On success the resolved username is stored in the session and the client is redirected home;
/// on failure an error message is queued and the login page is rendered for a guest.
/// </summary>
/// <param name="session">The current session; receives the username under <c>SessionStore.CurrentUserKey</c>.</param>
/// <param name="formData">The posted form; "username" and "password" are read (missing keys throw).</param>
/// <returns>A redirect to "/" on success, otherwise the "/Users/login" view.</returns>
internal IHttpResponse Login(IHttpSession session, Dictionary<string, string> formData)
{
    string usernameOrEmail = formData["username"];
    string password = formData["password"];
    string resolvedName = this.userService.GetByMailOrPass(usernameOrEmail, password);

    if (resolvedName != null)
    {
        // NOTE(review): the session id is not regenerated here on login — confirm the framework does so.
        session.Add(SessionStore.CurrentUserKey, resolvedName);
        return new RedirectResponse("/");
    }

    this.InsertErrorMessage(AppConstants.LogInError);
    this.SetGuestView();
    return this.FileViewResponse("/Users/login");
}
/// <summary>
/// Registers a new user from the posted form. Validation failure or a username/e-mail clash
/// queues an error and re-renders the registration page for a guest; on success the username
/// is stored in the session and the client is redirected home.
/// </summary>
/// <param name="session">The current session; receives the username under <c>SessionStore.CurrentUserKey</c>.</param>
/// <param name="formData">The posted form; "username", "password", "confirmed-password" and "email" are read (missing keys throw).</param>
/// <returns>A redirect to "/" on success, otherwise the "/Users/register" view.</returns>
internal IHttpResponse Register(IHttpSession session, Dictionary<string, string> formData)
{
    // Keys are read in the same order as before so a missing key fails on the same field.
    var model = new RegisterViewModel
    {
        Username = formData["username"],
        Password = formData["password"],
        ConfirmedPassword = formData["confirmed-password"],
        Email = formData["email"]
    };

    bool inputValid = Validation.TryValidate(model);
    if (!inputValid)
    {
        this.InsertErrorMessage(AppConstants.InputUserDataError);
        this.SetGuestView();
        return this.FileViewResponse("/Users/register");
    }

    bool created = this.userService.CreateUser(model);
    if (!created)
    {
        this.InsertErrorMessage(AppConstants.UsernameOrEmailAlreadyExist);
        this.SetGuestView();
        return this.FileViewResponse("/Users/register");
    }

    session.Add(SessionStore.CurrentUserKey, model.Username);
    return new RedirectResponse("/");
}
/// <summary>
/// Logs a user in from a bound <see cref="LoginUserViewModel"/>. Model validation errors and
/// failed authentication are rendered on the login page; on success the e-mail is stored in the
/// session, the user nav bar is shown and the client is redirected home.
/// </summary>
/// <param name="session">The current session; receives the e-mail under <c>SessionKeys.CurrentUser</c>.</param>
/// <param name="model">The posted login model (e-mail and password).</param>
/// <returns>A redirect to <c>UrlPaths.Home</c> on success, otherwise an error response for the login page.</returns>
public IHttpResponse Login(IHttpSession session, LoginUserViewModel model)
{
    string validationError = this.ValidateModel(model);
    if (validationError != null)
    {
        return this.ErrorMessageResponse(validationError, FilePaths.UserLogin);
    }

    string email = model.Email;
    string password = model.Password;
    bool authenticated = this.UserService.Login(email, password);
    if (!authenticated)
    {
        // Also covers the non-existing user case.
        return this.ErrorMessageResponse(ErrorMessages.UserNotExist, FilePaths.UserLogin);
    }

    // NOTE(review): the session id is not regenerated here on login — confirm the framework does so.
    session.Add(SessionKeys.CurrentUser, email);
    this.ShowUserNavBar(email);
    return new RedirectResponse(UrlPaths.Home);
}