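/// <summary>
/// Persists the current session (key, user id, expiry time) so that a later
/// request can restore it: either in the server-side HTTP session or, when
/// <c>UseHttpSession</c> is false, in three response cookies.
/// </summary>
/// <remarks>
/// The cookies carry the session key, so they are marked HttpOnly (not
/// readable from page script) and, when the current request arrived over
/// TLS, Secure (never sent back over plain HTTP).
/// NOTE(review): the cookie values are written as plain text with no
/// integrity protection visible in this method, so whatever reads them back
/// must treat user id and expiry time as client-controlled input.
/// NOTE(review): if any client-side script is expected to read these
/// cookies, the HttpOnly flag will hide them from it; confirm none does.
/// </remarks>
internal override void CacheSession()
{
    var sessionInfo = new CachedSessionInfo(SessionKey, UserId, ExpiryTime);

    if (UseHttpSession)
    {
        // Server-side storage: the session key never leaves the server.
        HttpSession[SESSION_INFO_SESSION_KEY] = sessionInfo;
        return;
    }

    HttpResponse response = HttpContext.Current.Response;
    HttpRequest request = HttpContext.Current.Request;

    // Only require TLS on the cookie when this request itself used TLS, so
    // plain-HTTP deployments keep working exactly as before.
    bool secure = request != null && request.IsSecureConnection;

    // NOTE(review): ExpiryTime.ToString() and UserId.ToString() use the
    // current culture; the code that parses these cookies (not shown here)
    // has to run under the same culture to round-trip the values.
    var cookies = new[]
    {
        new HttpCookie(SESSION_KEY_COOKIE, sessionInfo.SessionKey),
        new HttpCookie(USER_ID_COOKIE, sessionInfo.UserId.ToString()),
        new HttpCookie(EXPIRY_TIME_COOKIE, sessionInfo.ExpiryTime.ToString()),
    };

    foreach (HttpCookie cookie in cookies)
    {
        cookie.HttpOnly = true;
        cookie.Secure = secure;
        response.Cookies.Set(cookie);
    }
}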
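/// <summary>
/// Populates the session (key, user id, expiry time) from the current HTTP
/// request, trying three sources in order: session parameters on the
/// request itself, the previously cached session, and finally an auth token
/// that is exchanged for a session through the API.
/// </summary>
/// <remarks>
/// If no source applies, or the request carries a session key together with
/// a missing or non-numeric user id / expiry value, the session properties
/// are left unset.
/// NOTE(review): nothing in this method verifies that the session key, user
/// id and expiry parameters were signed by the platform; confirm that the
/// request signature is validated before or after this call, otherwise a
/// client can supply these values itself.
/// </remarks>
/// <exception cref="Exception">
/// The application key or secret is not configured, or there is no current
/// request/response pair.
/// </exception>
private void LoadFromRequest()
{
    if (string.IsNullOrEmpty(ApplicationKey) || string.IsNullOrEmpty(ApplicationSecret))
    {
        throw new Exception(
            "Session must have application key and secret before logging in." + Environment.NewLine +
            "To set them in your web.config, use something like the following:" + Environment.NewLine +
            "<appSettings>" + Environment.NewLine +
            " <add key=\"ApiKey\" value =\"YOURApiKEY\"/>" + Environment.NewLine +
            " <add key=\"Secret\" value =\"YOURSECRET\"/>" + Environment.NewLine +
            "</appSettings>\"");
    }

    if (HttpContext.Current.Response == null || HttpContext.Current.Request == null)
    {
        throw new Exception("Session must have both an HttpRequest object and an HttpResponse object to login.");
    }

    HttpRequest request = HttpContext.Current.Request;

    // Inside a profile tab the session travels under different parameter names.
    bool inProfileTab = request[QueryParameters.InProfileTab] == "1";
    string sessionKeyFromRequest = inProfileTab
        ? request[QueryParameters.ProfileSessionKey]
        : request[QueryParameters.SessionKey];
    string authToken = request[QueryParameters.AuthToken];

    CachedSessionInfo cachedSessionInfo = LoadCachedSession();

    if (!string.IsNullOrEmpty(sessionKeyFromRequest))
    {
        string userParam = inProfileTab
            ? request[QueryParameters.ProfileUser]
            : request[QueryParameters.User];
        string expiresParam = request[QueryParameters.Expires];

        // These values come straight from the request. Parse defensively and
        // culture-independently: a missing or malformed value must not surface
        // as an unhandled FormatException/ArgumentNullException, and must not
        // establish a session. Deliberately no fallback to the cached session
        // for a request that presented a session key with unusable companions.
        long userId;
        long expiresUnixTime;
        bool parsed =
            long.TryParse(
                userParam,
                System.Globalization.NumberStyles.Integer,
                System.Globalization.CultureInfo.InvariantCulture,
                out userId)
            && long.TryParse(
                expiresParam,
                System.Globalization.NumberStyles.Integer,
                System.Globalization.CultureInfo.InvariantCulture,
                out expiresUnixTime);

        if (!parsed)
        {
            return;
        }

        SetSessionProperties(
            sessionKeyFromRequest,
            userId,
            DateHelper.ConvertUnixTimeToDateTime(expiresUnixTime));
    }
    else if (cachedSessionInfo != null
             && (request.HttpMethod == "POST" || !string.IsNullOrEmpty(authToken)))
    {
        // Only use cached info if the user hasn't removed the app.
        // NOTE(review): the cached ExpiryTime is not checked in this branch;
        // HaveValidCachedSession in this class does check it — confirm whether
        // an expired cached session can be reinstated through this path.
        SetSessionProperties(cachedSessionInfo.SessionKey, cachedSessionInfo.UserId, cachedSessionInfo.ExpiryTime);
    }
    else if (!string.IsNullOrEmpty(authToken))
    {
        // No usable session yet: exchange the auth token for one via the API.
        session_info sessionInfo = new Api(this).Auth.GetSession(authToken);
        SetSessionProperties(
            sessionInfo.session_key,
            sessionInfo.uid,
            DateHelper.ConvertUnixTimeToDateTime(sessionInfo.expires));
    }
}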
/// <summary>
/// Decides whether a previously cached session may be reused for the
/// current request.
/// </summary>
/// <param name="cachedSessionInfo">The cached session, or null if none was found.</param>
/// <param name="authToken">The auth token taken from the request, if any.</param>
/// <param name="apiKeyRequestParam">The API key parameter taken from the request, if any.</param>
/// <returns>
/// False when there is no cached session, when it has expired, or when the
/// request looks like a re-add (API key present but no auth token); true
/// otherwise, including for every non-expired POST.
/// </returns>
private bool HaveValidCachedSession(CachedSessionInfo cachedSessionInfo, string authToken, string apiKeyRequestParam)
{
    // Nothing cached, or the cached session is past its expiry time.
    // NOTE(review): this compares against local time (DateTime.Now); confirm
    // ExpiryTime is stored as local time rather than UTC.
    if (cachedSessionInfo == null || DateTime.Now > cachedSessionInfo.ExpiryTime)
    {
        return false;
    }

    // Assume for now that all POST requests are valid, since they would have
    // come from a GET just before now.
    // NOTE(review): the HTTP method is chosen by the client, so this is a
    // trust assumption rather than a check.
    if (HttpContext.Current.Request.HttpMethod == "POST")
    {
        return true;
    }

    // The user removed the app, but has now come back and wants to re-add it.
    // The API key parameter is checked as well, to make sure the link comes
    // from Facebook with the proper request params rather than from within
    // our own app, where those params are not expected.
    bool isReAddRequest = string.IsNullOrEmpty(authToken) && !string.IsNullOrEmpty(apiKeyRequestParam);
    return !isReAddRequest;
}