/// <inheritdoc/> public virtual async Task <bool> ValidateSessionAsync(SessionValidationRequest request) { if (ServerSideSessionStore != null) { var shouldCoordinate = request.Client.CoordinateLifetimeWithUserSession == true || (Options.Authentication.CoordinateClientLifetimesWithUserSession && request.Client.CoordinateLifetimeWithUserSession != false); if (shouldCoordinate) { var sessions = await ServerSideSessionStore.GetSessionsAsync(new SessionFilter { SubjectId = request.SubjectId, SessionId = request.SessionId }); var valid = sessions.Count > 0 && sessions.Any(x => x.Expires == null || DateTime.UtcNow < x.Expires.Value); if (!valid) { Logger.LogDebug("Due to missing/expired server-side session, failing token validation for subject id {subjectId} and session id {sessionId}", request.SubjectId, request.SessionId); return(false); } Logger.LogDebug("Due to client token use, extending server-side session for subject id {subjectId} and session id {sessionId}", request.SubjectId, request.SessionId); foreach (var session in sessions) { if (session.Expires.HasValue) { // setting the Expires flag on the entity (and not in the AuthenticationTicket) // since we know that when loading from the DB that column will overwrite the // expires in the AuthenticationTicket. var diff = session.Expires.Value.Subtract(session.Renewed); session.Renewed = DateTime.UtcNow; session.Expires = session.Renewed.Add(diff); await ServerSideSessionStore.UpdateSessionAsync(session); } } } } return(true); }
public Task <bool> ValidateSessionAsync(SessionValidationRequest request) { return(Task.FromResult(true)); }