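/// <summary>
/// Handles the login form POST: validates the submitted identifier, looks up a user whose
/// username or e-mail equals it and whose stored password equals the hash of the submitted
/// password, and on success redirects to "/" with the ".auth-cookie" cookie attached.
/// </summary>
/// <param name="request">
/// Incoming request. The "usernameOrEmail" and "password" form fields are read without a
/// presence check.
/// </param>
/// <returns>
/// An error view when the identifier is malformed or no user matches; otherwise a redirect
/// to "/" carrying the authentication cookie.
/// </returns>
public IHttpResponse PostLoginView(IHttpRequest request)
{
    var usernameOrEmail = request.FormData["usernameOrEmail"].ToString().Trim();
    var password = request.FormData["password"].ToString();

    // NOTE(review): the e-mail pattern is checked against the URL-decoded value, while the
    // database lookup below uses the raw value. Confirm which form registration stores, so
    // that the string that is validated is the same string that is queried.
    // NOTE(review): no match timeout is passed to Regex.IsMatch and the patterns are defined
    // outside this method; confirm they cannot backtrack badly on long input.
    var looksLikeEmail = Regex.IsMatch(WebUtility.UrlDecode(usernameOrEmail), EmailRegex);
    var looksLikeUsername = Regex.IsMatch(usernameOrEmail, UsernameRegex);
    var hasValidShape = looksLikeEmail || looksLikeUsername;

    if (!hasValidShape || usernameOrEmail.Length < UsernameOrEmailLength)
    {
        return this.ErrorView(InvalidCredentials);
    }

    // NOTE(review): matching on equality of the hash means the hash of a given password is
    // the same for every account, which a per-user salt would not allow. Confirm that
    // HashService is a salted, slow password-hashing scheme before relying on it.
    var hashedPassword = this.HashService.Hash(password);

    // Same predicate as before with the shared password check factored out.
    var user = this.Db.Users.FirstOrDefault(
        u => u.Password == hashedPassword
             && (u.Username == usernameOrEmail || u.Email == usernameOrEmail));

    if (user == null)
    {
        // One message for "unknown account" and "wrong password", so the response does not
        // reveal which of the two failed.
        return this.ErrorView(InvalidUsernameEmailOrPassword);
    }

    // Bind the cookie to the authenticated record instead of the raw form value: the same
    // account can be reached by username or by e-mail, so the typed identifier is not a
    // stable identity for the session.
    // NOTE(review): assumes consumers of ".auth-cookie" expect the username; confirm.
    var cookieContent = this.UserCookieService.GetUserCookie(user.Username);

    // NOTE(review): only the path is set here. Whether the cookie is HttpOnly/Secure depends
    // on HttpCookie's defaults, which are not visible in this method.
    var cookie = new HttpCookie(".auth-cookie", cookieContent);
    cookie.SetPath("/");

    var response = new RedirectResult("/");
    response.AddCookie(cookie);

    return response;
}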