protected virtual void Application_PostAcquireRequestState(object sender, EventArgs args)
{
//NOTE : we use "Application_PostAcquireRequestState" instead of "Application_PostAuthenticateRequest" becuase the session is not ready yet there.
if (Context.Request.IsAuthenticated &&
Context.Session != null &&
(string)Session[COOKIESESSIONKEY] != Request.Cookies[FormsAuthentication.FormsCookieName].Value)
{
var authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
if (authCookie == null) return;//it should not be happened but we put it for insurance
if (Session[COOKIESESSIONKEY] != null)
{
CurrentUserBase.GetActiveInstance().LogOff(false);
//Extract the forms authentication cookie
var authTicket = FormsAuthentication.Decrypt(authCookie.Value);
var userPrincipal = new GenericPrincipal(new System.Web.Security.FormsIdentity(authTicket), null);
Context.User = userPrincipal;
}
Session[COOKIESESSIONKEY] = authCookie.Value;
}
}
public static CurrentUserBase GetActiveInstance()
{
if (_instance == null)
{
if (SingleInstanceCreator != null)
{
_instance = SingleInstanceCreator();
}
else
{
throw new Exception("You should handle CurrentUserBase's SingleInstanceCreator event(static event)");
}
}
return(_instance);
}