protected override bool AuthorizeCore(HttpContextBase httpContext) { try { HttpCookie cookie = httpContext.Request.Cookies.Get("filth.sid"); if (cookie != null && cookie.Expires >= DateTime.Now) { // remove session key from database setup.RemoveSessionKey(cookie.Value); return(false); } string value = httpContext.Server.UrlDecode(cookie.Value); User user = setup.ValidateUser(value); if (user != null) { if (this.AccessRole != null) { if (user.Roles.Contains(this.AccessRole)) { return(true); } else { return(false); } } else { return(true); } } else { return(false); } } catch { return(false); } }