Example #1
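        /// <summary>
        /// Persists the current session (key, user id, expiry) so a later request can restore it:
        /// in the server-side HTTP session when <c>UseHttpSession</c> is set, otherwise in three
        /// response cookies.
        /// </summary>
        /// <remarks>
        /// The cookie branch hands the session key to the browser. The cookies are therefore marked
        /// HttpOnly (not readable from page script) and, when the current request arrived over HTTPS,
        /// Secure (never sent back over plain HTTP).
        /// </remarks>
        internal override void CacheSession()
        {
            var sessionInfo = new CachedSessionInfo(SessionKey, UserId, ExpiryTime);

            if (UseHttpSession)
            {
                HttpSession[SESSION_INFO_SESSION_KEY] = sessionInfo;
                return;
            }

            HttpContext context = HttpContext.Current;

            // Only flag the cookies Secure when this request is itself HTTPS; otherwise the browser
            // would drop them on a plain-HTTP deployment and the cached session would never load.
            // NOTE(review): behind a TLS-terminating proxy IsSecureConnection is false - confirm how
            // this application is deployed.
            bool overHttps = context.Request.IsSecureConnection;

            // NOTE(review): ExpiryTime.ToString() formats with the current culture; whatever reads the
            // cookie back must parse it under the same culture - confirm against the loading code.
            // NOTE(review): user id and expiry live in client-held cookies with no integrity
            // protection visible here; treat values read back from them as untrusted input.
            var cookies = new[]
            {
                new HttpCookie(SESSION_KEY_COOKIE, sessionInfo.SessionKey),
                new HttpCookie(USER_ID_COOKIE, sessionInfo.UserId.ToString()),
                new HttpCookie(EXPIRY_TIME_COOKIE, sessionInfo.ExpiryTime.ToString())
            };

            foreach (HttpCookie cookie in cookies)
            {
                cookie.HttpOnly = true;
                cookie.Secure = overHttps;
                context.Response.Cookies.Set(cookie);
            }
        }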
Example #2
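        /// <summary>
        /// Populates the session properties from the current HTTP request. Sources are tried in
        /// this order: a session key carried in the request parameters, then the cached session
        /// (only for POST requests or when an auth token is present), then an auth token that is
        /// exchanged for a session through the API. If none applies, nothing is set.
        /// </summary>
        /// <exception cref="Exception">
        /// The application key or secret is missing, or there is no current HTTP context,
        /// request or response.
        /// </exception>
        /// <remarks>
        /// NOTE(review): session key, user id and expiry are taken directly from request
        /// parameters, and this method performs no signature check on them. Confirm that the
        /// request is authenticated elsewhere before these values are trusted.
        /// </remarks>
        private void LoadFromRequest()
        {
            if (string.IsNullOrEmpty(ApplicationKey) || string.IsNullOrEmpty(ApplicationSecret))
            {
                throw new Exception(
                          "Session must have application key and secret before logging in." + Environment.NewLine +
                          "To set them in your web.config, use something like the following:" + Environment.NewLine +
                          "<appSettings>" + Environment.NewLine +
                          "   <add key=\"ApiKey\" value =\"YOURApiKEY\"/>" + Environment.NewLine +
                          "   <add key=\"Secret\" value =\"YOURSECRET\"/>" + Environment.NewLine +
                          "</appSettings>");
            }

            // Check the context itself first: outside a web request HttpContext.Current is null, and
            // dereferencing it would surface as a NullReferenceException instead of the message below.
            HttpContext context = HttpContext.Current;
            if (context == null || context.Response == null || context.Request == null)
            {
                throw new Exception("Session must have both an HttpRequest object and an HttpResponse object to login.");
            }

            HttpRequest request = context.Request;

            // Inside a profile tab the session key and user arrive under their profile-specific parameter names.
            bool inProfileTab = request[QueryParameters.InProfileTab] == "1";
            string sessionKeyFromRequest = inProfileTab
                ? request[QueryParameters.ProfileSessionKey]
                : request[QueryParameters.SessionKey];
            string authToken = request[QueryParameters.AuthToken];
            CachedSessionInfo cachedSessionInfo = LoadCachedSession();

            if (!string.IsNullOrEmpty(sessionKeyFromRequest))
            {
                // long.Parse throws on a missing or malformed user/expires parameter; both are
                // caller-supplied request values.
                string userParam = inProfileTab
                    ? request[QueryParameters.ProfileUser]
                    : request[QueryParameters.User];

                SetSessionProperties(
                    sessionKeyFromRequest,
                    long.Parse(userParam),
                    DateHelper.ConvertUnixTimeToDateTime(long.Parse(request[QueryParameters.Expires])));
            }
            else if (cachedSessionInfo != null && (request.HttpMethod == "POST" || !string.IsNullOrEmpty(authToken))) // only use cached info if user hasn't removed the app
            {
                SetSessionProperties(cachedSessionInfo.SessionKey, cachedSessionInfo.UserId, cachedSessionInfo.ExpiryTime);
            }
            else if (!string.IsNullOrEmpty(authToken))
            {
                // No usable cached session: exchange the auth token for a session via the API.
                session_info sessionInfo = new Api(this).Auth.GetSession(authToken);
                SetSessionProperties(sessionInfo.session_key, sessionInfo.uid, DateHelper.ConvertUnixTimeToDateTime(sessionInfo.expires));
            }
        }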
 /// <summary>
 /// Decides whether a previously cached session may be reused for the current request.
 /// </summary>
 /// <param name="cachedSessionInfo">The cached session, or null when none was found.</param>
 /// <param name="authToken">The auth token from the request, if any.</param>
 /// <param name="apiKeyRequestParam">The API key request parameter, if any.</param>
 /// <returns>
 /// False when there is no cached session, when it has expired, or when a non-POST request
 /// carries an API key parameter but no auth token; true otherwise.
 /// </returns>
 private bool HaveValidCachedSession(CachedSessionInfo cachedSessionInfo, string authToken, string apiKeyRequestParam)
 {
     // Nothing cached, or the cached entry is past its expiry.
     // NOTE(review): the comparison uses local time (DateTime.Now); confirm ExpiryTime is local too.
     if (cachedSessionInfo == null || DateTime.Now > cachedSessionInfo.ExpiryTime)
     {
         return false;
     }

     // assume for now that all POST requests are valid, since they would have come from a GET just before now
     // NOTE(review): the HTTP method alone does not show that a validated GET came first; any POST
     // with an unexpired cached session is accepted here.
     if (HttpContext.Current.Request.HttpMethod == "POST")
     {
         return true;
     }

     // The user removed the app, but has now come back and wants to re-add it. The API key parameter
     // is checked as well so that this only applies to a link coming from Facebook with its request
     // params, not to navigation inside our app, where request params are not expected.
     bool returningAfterRemoval = string.IsNullOrEmpty(authToken) && !string.IsNullOrEmpty(apiKeyRequestParam);

     return !returningAfterRemoval;
 }
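        /// <summary>
        /// Persists the current session (key, user id, expiry) so a later request can restore it:
        /// in the server-side HTTP session when <c>UseHttpSession</c> is set, otherwise in three
        /// response cookies.
        /// </summary>
        /// <remarks>
        /// The cookie branch hands the session key to the browser. The cookies are therefore marked
        /// HttpOnly (not readable from page script) and, when the current request arrived over HTTPS,
        /// Secure (never sent back over plain HTTP).
        /// </remarks>
        internal override void CacheSession()
        {
            var sessionInfo = new CachedSessionInfo(SessionKey, UserId, ExpiryTime);

            if (UseHttpSession)
            {
                HttpSession[SESSION_INFO_SESSION_KEY] = sessionInfo;
                return;
            }

            HttpContext context = HttpContext.Current;

            // Only flag the cookies Secure when this request is itself HTTPS; otherwise the browser
            // would drop them on a plain-HTTP deployment and the cached session would never load.
            // NOTE(review): behind a TLS-terminating proxy IsSecureConnection is false - confirm how
            // this application is deployed.
            bool overHttps = context.Request.IsSecureConnection;

            // NOTE(review): ExpiryTime.ToString() formats with the current culture; whatever reads the
            // cookie back must parse it under the same culture - confirm against the loading code.
            // NOTE(review): user id and expiry live in client-held cookies with no integrity
            // protection visible here; treat values read back from them as untrusted input.
            var cookies = new[]
            {
                new HttpCookie(SESSION_KEY_COOKIE, sessionInfo.SessionKey),
                new HttpCookie(USER_ID_COOKIE, sessionInfo.UserId.ToString()),
                new HttpCookie(EXPIRY_TIME_COOKIE, sessionInfo.ExpiryTime.ToString())
            };

            foreach (HttpCookie cookie in cookies)
            {
                cookie.HttpOnly = true;
                cookie.Secure = overHttps;
                context.Response.Cookies.Set(cookie);
            }
        }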