/// <summary>
/// Decides whether the session cookie on <paramref name="request"/> fails validation.
/// </summary>
/// <param name="request">The incoming request whose session cookie is inspected.</param>
/// <returns>
/// <c>false</c> when the request is not part of a session; otherwise <c>true</c> if the
/// cookie is missing, is not flagged as secured, or carries a hash that differs from the
/// one generated for this request.
/// </returns>
public bool IsSessionHijacked(Request request)
{
    // Requests outside a session have nothing to validate.
    if (!_sessionDetector.IsInSession(request))
    {
        return false;
    }

    // ToDo: use real cookie name
    var sessionCookie = _cookieReader.Read(request, "_nsid");

    // Fail closed: an in-session request without a readable cookie counts as hijacked.
    if (sessionCookie == null)
    {
        return true;
    }

    if (!sessionCookie.IsSecured)
    {
        return true;
    }

    // NOTE(review): the type of Hash is not visible here. If it is a string or byte[]
    // MAC, `!=` is not a constant-time comparison (and compares references for arrays);
    // confirm, and consider CryptographicOperations.FixedTimeEquals on the raw bytes.
    // The expected hash is only computed once the earlier checks have passed.
    return sessionCookie.Hash != _hashGenerator.GenerateHash(request);
}
/// <summary>
/// Replaces the value of the session cookie on <paramref name="request"/> with the bare
/// session id taken from the parsed secure cookie.
/// </summary>
/// <param name="request">The request whose cookie collection is rewritten in place.</param>
/// <remarks>
/// Does nothing when the request is not in a session or the cookie cannot be read.
/// This method does not itself check <c>IsSecured</c> or the hash; presumably callers run
/// <c>IsSessionHijacked</c> first. Confirm against the call site.
/// </remarks>
public void StripHashFromCookie(Request request)
{
    if (_sessionDetector.IsInSession(request))
    {
        // ToDo: use real cookie name
        var parsedCookie = _secureSessionCookieReader.Read(request, "_nsid");
        if (parsedCookie == null)
        {
            return;
        }

        // Downstream code sees only the session id, without the appended hash.
        // ToDo: use real cookie name
        request.Cookies["_nsid"] = parsedCookie.SessionId;
    }
}