public virtual string GetSessionKey(HttpContext context, out bool isNew) { isNew = false; string cookieKey = _options.Value.SessionOptions.CookieName; string sessionId = CookieProtection.Unprotect(_dataProtector, context.Request.Cookies[cookieKey]); if (string.IsNullOrEmpty(sessionId)) { isNew = true; sessionId = _generator.Create(); } //SessionEstablisher.CreateCallback(context, CookieProtection.Protect(_dataProtector, sessionId), _options.Value); return(sessionId); }
public virtual void ApplySessionKey(HttpContext context, string key) { var cookieOptions = new CookieOptions { Domain = _options.Value.SessionOptions.CookieDomain, HttpOnly = _options.Value.SessionOptions.CookieHttpOnly, Path = _options.Value.SessionOptions.CookiePath ?? "/", }; if (_options.Value.SessionOptions.CookieSecure == CookieSecurePolicy.SameAsRequest) { cookieOptions.Secure = context.Request.IsHttps; } else { cookieOptions.Secure = _options.Value.SessionOptions.CookieSecure == CookieSecurePolicy.Always; } context.Response.Cookies.Append(_options.Value.SessionOptions.CookieName, CookieProtection.Protect(_dataProtector, key), cookieOptions); context.Response.Headers["Cache-Control"] = "no-cache"; context.Response.Headers["Pragma"] = "no-cache"; context.Response.Headers["Expires"] = "-1"; //SessionEstablisher.CreateCallback(context, CookieProtection.Protect(_dataProtector, key), _options.Value); //SessionEstablisher.CreateCallback(context, CookieProtection.Protect(_dataProtector, key), _options.Value).SetCookie(); }