    /// <inheritdoc/>
    /// <remarks>
    /// Returns <c>true</c> without consulting any store when no server-side session store is
    /// configured or when lifetime coordination is off for the client, so a <c>true</c> result
    /// does not by itself prove that a server-side session exists. When coordination applies,
    /// the token is rejected unless at least one matching session is unexpired, and each
    /// successful validation slides the expiry of the matching sessions forward.
    /// </remarks>
    public virtual async Task<bool> ValidateSessionAsync(SessionValidationRequest request)
    {
        // Nothing to coordinate against: accept.
        if (ServerSideSessionStore == null)
        {
            return true;
        }

        // An explicit per-client setting (true/false) decides; only when the client
        // leaves it unset does the global authentication option apply.
        var clientSetting = request.Client.CoordinateLifetimeWithUserSession;
        bool coordinate;
        if (clientSetting == true)
        {
            coordinate = true;
        }
        else if (clientSetting == false)
        {
            coordinate = false;
        }
        else
        {
            coordinate = Options.Authentication.CoordinateClientLifetimesWithUserSession;
        }

        if (!coordinate)
        {
            return true;
        }

        // Look up the server-side session(s) bound to this subject + session id pair.
        var filter = new SessionFilter
        {
            SubjectId = request.SubjectId,
            SessionId = request.SessionId
        };
        var sessions = await ServerSideSessionStore.GetSessionsAsync(filter);

        // A session with no expiry counts as live; otherwise it must expire in the future.
        var hasLiveSession = sessions.Count > 0 &&
                             sessions.Any(s => !s.Expires.HasValue || s.Expires.Value > DateTime.UtcNow);

        if (!hasLiveSession)
        {
            Logger.LogDebug("Due to missing/expired server-side session, failing token validation for subject id {subjectId} and session id {sessionId}", request.SubjectId, request.SessionId);
            return false;
        }

        Logger.LogDebug("Due to client token use, extending server-side session for subject id {subjectId} and session id {sessionId}", request.SubjectId, request.SessionId);

        // NOTE(review): the loop below renews every returned session that has an expiry,
        // not only the unexpired ones, and no absolute lifetime cap is applied here.
        // Confirm the filter can only match one session, and that a maximum session age
        // is enforced elsewhere if one is required.
        foreach (var session in sessions)
        {
            if (!session.Expires.HasValue)
            {
                continue;
            }

            // The Expires value is set on the entity rather than in the
            // AuthenticationTicket, because on load from the DB that column
            // overwrites the expiry carried in the AuthenticationTicket.
            // The window length (Expires - Renewed) is preserved and restarted from now.
            var window = session.Expires.Value.Subtract(session.Renewed);
            session.Renewed = DateTime.UtcNow;
            session.Expires = session.Renewed.Add(window);

            await ServerSideSessionStore.UpdateSessionAsync(session);
        }

        return true;
    }
 /// <summary>
 /// Reports every session as valid without inspecting <paramref name="request"/>.
 /// </summary>
 /// <remarks>
 /// NOTE(review): no session lookup or expiry check happens here, so tokens are never
 /// rejected on session grounds by this implementation. Presumably a no-op or test
 /// stub; confirm it is not the implementation registered where session-bound token
 /// revocation is expected.
 /// </remarks>
 /// <param name="request">The validation request; not read.</param>
 /// <returns>An already-completed task whose result is always <c>true</c>.</returns>
 public Task<bool> ValidateSessionAsync(SessionValidationRequest request)
     => Task.FromResult(true);