/// <summary>
/// Stores the given user in the session together with the user's system action rights,
/// audit actions and forum action rights, and records the last visit date.
/// </summary>
/// <remarks>
/// The rights and audit actions are fetched once, here, and added to the session.
/// NOTE(review): presumably later authorization checks read these session copies, so a change
/// to the user's rights would only apply once the session is loaded again. Confirm against the callers.
/// </remarks>
/// <param name="session">The session the method works on.</param>
/// <param name="user">The user to be added to the session.</param>
public static async Task LoadUserSessionDataAsync(this ISession session, UserEntity user)
{
    session.AddUserObject(user);

    // Each set is fetched and stored in turn, in the same order as before: system rights, audit actions, forum rights.
    var systemActionRights = await SecurityGuiHelper.GetSystemActionRightsForUserAsync(user.UserID);
    session.AddSystemActionRights(systemActionRights);

    var auditActions = await SecurityGuiHelper.GetAuditActionsForUserAsync(user.UserID);
    session.AddAuditActions(auditActions);

    var forumsActionRights = await SecurityGuiHelper.GetForumsActionRightsForUserAsync(user.UserID);
    session.AddForumsActionRights(forumsActionRights);

    // Use the stored last visit date only for a real user (UserID > 0) that has one; otherwise fall back to the current time.
    bool hasStoredVisitDate = (user.UserID > 0) && user.LastVisitedDate.HasValue;
    DateTime visitDate = hasStoredVisitDate ? user.LastVisitedDate.Value : DateTime.Now;
    session.AddLastVisitDate(visitDate);
}
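/// <summary>
/// Initializes the session with the initial static data for the user of the current request.
/// Does nothing if the session is already marked as initialized.
/// </summary>
/// <remarks>
/// Authenticated users are looked up by identity name. Unknown, banned and unauthenticated users
/// fall back to the anonymous user (UserID 0), so no rights of a banned account are loaded into the session.
/// The last visit date comes from the user entity when it has one, otherwise from a cookie sent by the client.
/// That cookie is client-controlled: a missing or malformed value is ignored rather than allowed to throw,
/// and the resulting date should not be relied on for anything beyond last-visit tracking.
/// </remarks>
/// <param name="session">The session to initialize.</param>
/// <param name="context">The HTTP context of the current request; supplies the identity and the request/response cookies.</param>
public static async Task InitializeAsync(this ISession session, HttpContext context)
{
    if (session.GetInt32(SessionKeys.SessionInitialized) == 1)
    {
        // already initialized
        return;
    }

    // Format of the last visit date cookie value, used for both writing and reading.
    const string lastVisitDateCookieFormat = "ddMMyyyyHHmm";

    bool useEntityBasedLastVisitDateTracking = false;
    UserEntity user = null;
    if (context.User.Identity.IsAuthenticated)
    {
        user = await UserGuiHelper.GetUserAsync(context.User.Identity.Name);
        if (user == null)
        {
            user = await UserGuiHelper.GetUserAsync(0); // 0 is UserID of Anonymous Coward
        }
        else
        {
            // if the lastvisited date is null in the user entity, we'll use the cookie approach first
            useEntityBasedLastVisitDateTracking = user.LastVisitedDate.HasValue;
        }
    }
    else
    {
        user = await UserGuiHelper.GetUserAsync(0); // 0 is UserID of Anonymous Coward
    }

    if (user == null || user.IsBanned)
    {
        // banned user, revert to AC
        user = await UserGuiHelper.GetUserAsync(0);
        useEntityBasedLastVisitDateTracking = false;
    }

    if (user == null || user.UserID <= 0)
    {
        await session.LoadAnonymousSessionDataAsync();
    }
    else
    {
        await session.LoadUserSessionDataAsync(user);
    }

    bool isLastVisitDateValid = false;
    DateTime lastVisitDate = DateTime.Now;
    string lastVisitDateCookieName = ApplicationAdapter.GetSiteName() + " LastVisitDate";

    // the last visited date is either stored in a cookie or on the server. Older versions of this forum system used cookie based last visited date storage,
    // newer versions use server side storage in the User entity. For non-logged in users, cookie based storage is still used.
    if (useEntityBasedLastVisitDateTracking)
    {
        lastVisitDate = user.LastVisitedDate.Value;
        isLastVisitDateValid = true;
    }
    else
    {
        // read last visit date from cookie collection sent. The value is supplied by the client, so it is
        // parsed defensively: a truncated, non-numeric or out-of-range value must not fail session initialization.
        string lastVisitDateAsString = context.Request.Cookies[lastVisitDateCookieName];
        DateTime parsedLastVisitDate;
        if (lastVisitDateAsString != null
            && DateTime.TryParseExact(lastVisitDateAsString, lastVisitDateCookieFormat,
                                      System.Globalization.CultureInfo.InvariantCulture,
                                      System.Globalization.DateTimeStyles.None, out parsedLastVisitDate))
        {
            lastVisitDate = parsedLastVisitDate;
            isLastVisitDateValid = true;
        }
        else
        {
            // no cookie, or a cookie that is not in the expected format: treat as "no known last visit".
            lastVisitDate = DateTime.Now;
        }
    }

    if (isLastVisitDateValid)
    {
        // store in session object
        session.AddLastVisitDate(lastVisitDate);
    }

    // update date
    if (useEntityBasedLastVisitDateTracking || (user != null && user.UserID != 0 && !user.LastVisitedDate.HasValue))
    {
        await UserManager.UpdateLastVisitDateForUserAsync(user.UserID);
    }

    // always write new cookie
    // cookie path is set to '/', to avoid path name casing mismatches. The cookie has a unique name anyway.
    // The value is written culture-invariant so it always round-trips through the parser above.
    // NOTE(review): Secure is not set on this cookie; confirm whether a cookie policy elsewhere enforces it on HTTPS deployments.
    context.Response.Cookies.Append(lastVisitDateCookieName,
                                    DateTime.Now.ToString(lastVisitDateCookieFormat, System.Globalization.CultureInfo.InvariantCulture),
                                    new CookieOptions()
                                    {
                                        Expires = new DateTimeOffset(DateTime.Now.AddYears(1)),
                                        Path = "/",
                                        SameSite = SameSiteMode.Lax,
                                        HttpOnly = true // no js accessibility
                                    });

    if (session.CheckIfNeedsAuditing(AuditActions.AuditLogin))
    {
        await SecurityManager.AuditLoginAsync(session.GetUserID());
    }

    // mark the session as initialized.
    session.SetInt32(SessionKeys.SessionInitialized, 1);
}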