public bool IsSessionHijacked(Request request)
{
if (!_sessionDetector.IsInSession(request))
{
return(false);
}
// ToDo: use real cookie name
var secureCookie = _cookieReader.Read(request, "_nsid");
return(secureCookie == null || !secureCookie.IsSecured || secureCookie.Hash != _hashGenerator.GenerateHash(request));
}
public void StripHashFromCookie(Request request)
{
if (!_sessionDetector.IsInSession(request))
{
return;
}
// ToDo: use real cookie name
var secureCookie = _secureSessionCookieReader.Read(request, "_nsid");
if (secureCookie == null)
{
return;
}
// ToDo: use real cookie name
request.Cookies["_nsid"] = secureCookie.SessionId;
}