/// <inheritdoc cref="Owasp.Esapi.Interfaces.IHttpUtilities.ChangeSessionIdentifier()" />
/// <remarks>
/// Generates a new ASP.NET session id for the current request and writes it to the response with
/// <see cref="SessionIDManager.SaveSessionID"/>. NOTE(review): only the identifier is issued here;
/// nothing stored under the previous id is migrated or removed by this method — confirm that
/// matches what callers expect after the change.
/// </remarks>
public void ChangeSessionIdentifier()
{
    HttpContext context = HttpContext.Current;
    SessionIDManager idManager = new SessionIDManager();
    string freshId = idManager.CreateSessionID(context);

    // SaveSessionID reports whether it redirected (cookieless mode) and whether a cookie was added;
    // neither outcome is acted on here.
    bool wasRedirected = false;
    bool cookieWasAdded = false;
    idManager.SaveSessionID(context, freshId, out wasRedirected, out cookieWasAdded);
}
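/// <summary>
/// Session_Start handler: generates a fresh ASP.NET-style session identifier and hands it to the
/// client in the "omg-session" cookie.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// The identifier is only placed in the custom cookie; it is not saved with
/// <see cref="SessionIDManager.SaveSessionID"/>, so the ASP.NET session itself keeps its own id.
/// Because the cookie carries a session identifier it is marked HttpOnly, and Secure whenever the
/// request arrived over TLS. If client-side script needs to read "omg-session", drop HttpOnly and
/// treat the value as exposed to script. NOTE(review): behind a TLS-terminating proxy
/// IsSecureConnection may report false — confirm for the deployment.
/// </remarks>
protected void Session_Start(Object sender, EventArgs e)
{
    HttpContext context = HttpContext.Current;
    SessionIDManager manager = new SessionIDManager();
    string newSessionId = manager.CreateSessionID(context);

    HttpCookie sessionCookie = new HttpCookie("omg-session");
    sessionCookie.Value = newSessionId;
    sessionCookie.HttpOnly = true;
    // Tied to the current connection so a plain-HTTP development host still receives the cookie.
    sessionCookie.Secure = context.Request.IsSecureConnection;
    context.Response.Cookies.Add(sessionCookie);
}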
/// <summary>
/// Action filter hook: on the first request that has no Session["SessionID"], stores a freshly
/// generated identifier there and sets the session timeout to 30 minutes.
/// </summary>
/// <param name="filterContext">The MVC action context whose session state is read and written.</param>
/// <remarks>
/// The generated value is kept as ordinary session data; it does not replace the ASP.NET session
/// cookie (SaveSessionID is not called), so it is an application-level token only.
/// </remarks>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    base.OnActionExecuting(filterContext);

    var session = filterContext.HttpContext.Session;
    if (session["SessionID"] != null)
    {
        return;
    }

    const int timeoutMinutes = 30;
    SessionIDManager idManager = new SessionIDManager();
    string generatedId = idManager.CreateSessionID(HttpContext.Current);
    session.Timeout = timeoutMinutes;
    session["SessionID"] = generatedId;
}
/// <summary>
/// Page_Load: asks ESAPI to change the session identifier and, when no session id can be read from
/// the current request, generates one and keeps it under Session["cookie"].
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// NOTE(review): the id placed in Session["cookie"] is only session data; it is not written to the
/// session cookie (SaveSessionID is not called for it), so it does not influence which session the
/// next request resolves to.
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    IHttpUtilities httpUtilities = Esapi.HttpUtilities;
    httpUtilities.ChangeSessionIdentifier();

    HttpContext current = HttpContext.Current;
    SessionIDManager idManager = new SessionIDManager();
    string requestId = idManager.GetSessionID(current);
    bool idMissing = String.IsNullOrEmpty(requestId);
    if (!idMissing)
    {
        return;
    }

    Session["cookie"] = idManager.CreateSessionID(current);
}
/// <summary>
/// Abandons the current session, blanks the ASP.NET_SessionId cookie, then issues a newly generated
/// session id to the response and returns it.
/// </summary>
/// <returns>The newly generated session identifier.</returns>
/// <remarks>
/// NOTE(review): an empty "ASP.NET_SessionId" cookie is added first and SaveSessionID then writes the
/// new id; which value the browser ends up with depends on how the response cookie collection treats
/// same-named entries — confirm the intended Set-Cookie output.
/// </remarks>
protected string _AbandonSession()
{
    Session.Abandon();
    Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));

    HttpContext current = System.Web.HttpContext.Current;
    SessionIDManager idManager = new SessionIDManager();
    string freshId = idManager.CreateSessionID(current);

    // Out values (cookieless redirect / cookie added) are not used by callers.
    bool wasRedirected = false;
    bool cookieWasAdded = false;
    idManager.SaveSessionID(current, freshId, out wasRedirected, out cookieWasAdded);
    return freshId;
}
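/// <summary>
/// Replaces the current request's ASP.NET session identifier with a freshly generated one within the
/// same request: the new id is written to the response via SaveSessionID, and the SessionStateModule's
/// request-scoped id is then pointed at it through reflection (e.g. to rotate the id after a login).
/// </summary>
/// <remarks>
/// SessionStateModule keeps the request id, lock id, store and "not found" flag in private fields
/// (_rqId, _rqLockId, _store, _rqSessionStateNotFound). These are framework implementation details,
/// so this code is tied to the System.Web build it was written against; the guards below turn a
/// missing module or field into an <see cref="InvalidOperationException"/> instead of a
/// NullReferenceException.
/// </remarks>
/// <exception cref="InvalidOperationException">
/// The "Session" module is not registered, or one of the private fields it relies on was not found.
/// </exception>
private void RegenerateSessionId()
{
    var context = System.Web.HttpContext.Current;
    var manager = new System.Web.SessionState.SessionIDManager();
    string oldId = manager.GetSessionID(context);
    string newId = manager.CreateSessionID(context);

    // Writes the new id to the response; the out values (redirected / cookie added) are not needed.
    bool isRedirected = false;
    bool isCookieAdded = false;
    manager.SaveSessionID(context, newId, out isRedirected, out isCookieAdded);

    HttpApplication application = context.ApplicationInstance;
    HttpModuleCollection modules = application.Modules;
    var stateModule = (SessionStateModule)modules.Get("Session");
    if (stateModule == null)
    {
        throw new InvalidOperationException("The \"Session\" HTTP module is not registered; cannot regenerate the session id.");
    }

    System.Reflection.FieldInfo[] fields = stateModule.GetType().GetFields(BindingFlags.NonPublic | BindingFlags.Instance);
    SessionStateStoreProviderBase store = null;
    System.Reflection.FieldInfo rqIdField = null;
    System.Reflection.FieldInfo rqLockIdField = null;
    System.Reflection.FieldInfo rqStateNotFoundField = null;
    foreach (System.Reflection.FieldInfo field in fields)
    {
        switch (field.Name)
        {
            case "_store":
                store = (SessionStateStoreProviderBase)field.GetValue(stateModule);
                break;
            case "_rqId":
                rqIdField = field;
                break;
            case "_rqLockId":
                rqLockIdField = field;
                break;
            case "_rqSessionStateNotFound":
                rqStateNotFoundField = field;
                break;
        }
    }

    if (rqIdField == null || rqLockIdField == null || rqStateNotFoundField == null)
    {
        throw new InvalidOperationException("SessionStateModule private fields (_rqId/_rqLockId/_rqSessionStateNotFound) were not found; this session-id regeneration technique does not match the running System.Web version.");
    }

    // Presumably releases the exclusive lock held on the old session item so the store does not keep
    // it locked until the request ends.
    object lockId = rqLockIdField.GetValue(stateModule);
    if (lockId != null && oldId != null)
    {
        if (store == null)
        {
            throw new InvalidOperationException("SessionStateModule._store was not found; cannot release the lock on the old session item.");
        }
        store.ReleaseItemExclusive(context, oldId, lockId);
    }

    // Mark the request as having no stored item (presumably so the module creates a fresh one) and
    // swap in the new id.
    rqStateNotFoundField.SetValue(stateModule, true);
    rqIdField.SetValue(stateModule, newId);
}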
/// <summary>
/// Login page load: on the initial (non-postback) request issues a freshly generated session id,
/// focuses the user-name box, abandons the current session and wires Enter-key submission of the
/// two login fields to the login button.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    if (IsPostBack)
    {
        return;
    }

    System.Web.SessionState.SessionIDManager idManager = new System.Web.SessionState.SessionIDManager();
    string freshId = idManager.CreateSessionID(Context);
    bool wasRedirected = false;
    bool cookieWasAdded = false;
    idManager.SaveSessionID(Context, freshId, out wasRedirected, out cookieWasAdded);

    UsuarioL.Focus();
    // NOTE(review): Abandon runs after the new id has already been written to the response — confirm
    // this order is intended.
    Session.Abandon();

    // Enter in either field submits via the login button; ClientID is server-generated, not user input.
    string submitOnEnter = "return clickButton(event,'" + BtnLogin.ClientID + "')";
    UsuarioL.Attributes.Add("onkeypress", submitOnEnter);
    ContrasenaL.Attributes.Add("onkeypress", submitOnEnter);
}
/// <summary>
/// Page_Load: reconciles the ASP.NET session with the <c>globle</c> login state. A session that lost its
/// user, or no global user at all, redirects to Logout.aspx; a global user on a new session is copied
/// into session variables; an existing session that already has a user is torn down (abandon, cookie
/// blanking, no-cache headers, forms-auth sign-out) and given a new session id.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// NOTE(review): the teardown branch repeats Abandon/Clear several times and mixes request-side and
/// response-side cookie edits; statement order has been kept exactly as written. Two things to confirm:
/// (1) <c>Request.Cookies["Asp.net_sessionId"]</c> and <c>Request.Cookies["Username"]</c> appear to be null
/// when the browser did not send those cookies, which would throw part-way through the branch;
/// (2) the catch below discards every exception without logging, so such a failure leaves the teardown
/// half-applied and invisible.
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    try
    {
        // Existing session whose user is gone: force a logout (endResponse = false, so return explicitly).
        if (Session["Username"] == null && Session.IsNewSession == false)
        {
            Response.Redirect("Logout.aspx", false);
            return;
        }
        if (globle.UserValue != null && Session.IsNewSession == true)
        {
            // Fresh session with a known global user: seed the session variables from globle.
            Session["Username"] = globle.UserValue;
            Session["Role"] = globle.Role;
            Session["Location"] = "";
            Session["PF_Index"] = globle.PF_Index;
            Session["LoggedIn"] = "Yes";
        }
        else if (globle.UserValue == null)
        {
            Response.Redirect("Logout.aspx", false);
            return;
        }
        else
        {
            // Teardown: existing session that already has a Username while a global user is present.
            HttpContext.Current.Session.Abandon();
            HttpContext.Current.Session.Clear();
            Session["Username"] = null;
            Session.Abandon();
            Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));
            Response.Cookies.Add(new HttpCookie("__AntiXsrfToken", ""));
            Request.Cookies.Clear();
            // Keep the response out of browser/proxy caches.
            HttpContext.Current.Response.AddHeader("Cache-Control", "no-cache, no-store, must-revalidate");
            HttpContext.Current.Response.AddHeader("Pragma", "no-cache");
            HttpContext.Current.Response.AddHeader("Expires", "0");
            Session.Abandon(); // Session Expire but cookie do exist
            // Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddDays(-30);
            //Delete the cookie
            Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddDays(-1);
            HttpContext.Current.Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));
            // NOTE(review): the request-side indexer looks like it returns null for an absent cookie — verify.
            Request.Cookies["Asp.net_sessionId"].Expires = DateTime.UtcNow.AddDays(-1d);
            Response.Cookies["Asp.net_sessionId"].Value = "";
            Response.Cookies["Username"].Value = "";
            Response.Cookies.Add(Request.Cookies["Username"]);
            Session.RemoveAll();
            Session.Abandon();
            Session["Username"] = null;
            Session.Clear();
            ClearCache();
            // USER is assigned but not read; the commented-out catch body below was its only consumer.
            string USER = globle.UserValue;
            FormsAuthentication.SignOut();
            Context.ApplicationInstance.CompleteRequest();
            // Issue a fresh session id to the response; the out values and OldID are not used afterwards.
            bool redirected = false;
            bool isAdded = false;
            System.Web.SessionState.SessionIDManager Manager = new System.Web.SessionState.SessionIDManager();
            string NewID = Manager.CreateSessionID(Context);
            string OldID = Context.Session.SessionID;
            Manager.SaveSessionID(Context, NewID, out redirected, out isAdded);
        }
    }
    catch (Exception)
    {
        // NOTE(review): every exception from the branches above is dropped here with no logging;
        // a failure in the teardown branch therefore goes unnoticed.
        // string USER = globle.UserValue;
        // Dictionary<string, string> dic = ((Dictionary<string, string>)Application["Sessions"]);
        // ((Dictionary<string, string>)Application["Sessions"]).Remove(USER);
    }
}
/// <summary>
/// Loads the session data for <c>_sessionId</c> from Redis, creating a brand-new session (with a
/// freshly generated id) when no existing entry is found.
/// </summary>
/// <remarks>
/// NOTE(review): <c>_sessionId</c> is set outside this method; if it originates from the client, confirm
/// it is validated (e.g. <see cref="SessionIDManager.Validate"/>) before being used as a store key.
/// </remarks>
/// <exception cref="InvalidOperationException">The newly created session could not be read back.</exception>
private void InitSession()
{
    // A provider that already exists means the data store was initialised earlier; reuse it.
    if (_sessionProvider == null)
    {
        _sessionProvider = new RedisASPSessionStateProvider();
    }

    _storeData = null;

    // Out values required by GetItem; only the returned item is used here.
    bool isLocked;
    TimeSpan lockAge;
    object lockId;
    SessionStateActions actions;

    bool haveExistingId = !string.IsNullOrWhiteSpace(_sessionId);
    if (haveExistingId)
    {
        _storeData = _sessionProvider.GetItem(null, _sessionId, out isLocked, out lockAge, out lockId, out actions);
    }

    if (_storeData != null)
    {
        return;
    }

    // Nothing stored under the supplied id (or no id at all): start a new session.
    SessionIDManager idManager = new SessionIDManager();
    _sessionId = idManager.CreateSessionID(_context);

    _sessionTimeout = (int)RedisSessionStateProvider.configuration.SessionTimeout.TotalMinutes;
    _sessionProvider.CreateUninitializedItem(null, _sessionId, _sessionTimeout);

    // Read the new item back so _storeData reflects what Redis now holds.
    _storeData = _sessionProvider.GetItem(null, _sessionId, out isLocked, out lockAge, out lockId, out actions);
    if (_storeData == null)
    {
        throw new InvalidOperationException("Store Data cannot be created");
    }
}
// temporarily unused
/// <summary>
/// Generates a new ASP.NET session identifier, writes it to the response and returns it.
/// </summary>
/// <returns>The newly generated session identifier.</returns>
private string NewSessionId()
{
    HttpContext current = HttpContext.Current;
    SessionIDManager idManager = new SessionIDManager();
    string freshId = idManager.CreateSessionID(current);

    // Out values (cookieless redirect / cookie added) are not used by callers.
    bool wasRedirected = false;
    bool cookieWasAdded = false;
    idManager.SaveSessionID(current, freshId, out wasRedirected, out cookieWasAdded);
    return freshId;
}
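/// <summary>
/// Workaround for page previews whose content writes to Session breaking every later preview: issues a
/// new session id for <paramref name="ctx"/> via SaveSessionID and then re-points the
/// SessionStateModule's request-scoped id at it through reflection. The original author recorded that
/// the exact mechanism is not understood but that the change fixes the issue and passes testing.
/// </summary>
/// <param name="ctx">the Http context that will be shared between master and child process</param>
/// <remarks>
/// Relies on SessionStateModule's private fields (_store, _rqId, _rqLockId, _rqSessionStateNotFound),
/// i.e. on framework internals; the guards below turn a missing module or field into an
/// <see cref="InvalidOperationException"/> rather than a NullReferenceException. NOTE(review): the
/// module is looked up on <c>HttpContext.Current</c> while the session id is issued on <paramref name="ctx"/>;
/// kept as written, but confirm the two are the same context here.
/// </remarks>
/// <exception cref="InvalidOperationException">
/// The "Session" module is not registered, or one of the private fields it relies on was not found.
/// </exception>
private static void AllowChildRequestSessionAccess(HttpContext ctx)
{
    SessionIDManager manager = new SessionIDManager();
    string oldId = manager.GetSessionID(ctx);
    string newId = manager.CreateSessionID(ctx);

    // Writes the new id to the response; the out values (redirected / cookie added) are not needed.
    bool isRedirected = false;
    bool isCookieAdded = false;
    manager.SaveSessionID(ctx, newId, out isRedirected, out isCookieAdded);

    HttpApplication application = HttpContext.Current.ApplicationInstance;
    HttpModuleCollection modules = application.Modules;
    SessionStateModule stateModule = (SessionStateModule)modules.Get("Session");
    if (stateModule == null)
    {
        throw new InvalidOperationException("The \"Session\" HTTP module is not registered; cannot re-point the session id.");
    }

    System.Reflection.FieldInfo[] fields = stateModule.GetType().GetFields(BindingFlags.NonPublic | BindingFlags.Instance);
    SessionStateStoreProviderBase store = null;
    System.Reflection.FieldInfo rqIdField = null;
    System.Reflection.FieldInfo rqLockIdField = null;
    System.Reflection.FieldInfo rqStateNotFoundField = null;
    foreach (System.Reflection.FieldInfo field in fields)
    {
        switch (field.Name)
        {
            case "_store":
                store = (SessionStateStoreProviderBase)field.GetValue(stateModule);
                break;
            case "_rqId":
                rqIdField = field;
                break;
            case "_rqLockId":
                rqLockIdField = field;
                break;
            case "_rqSessionStateNotFound":
                rqStateNotFoundField = field;
                break;
        }
    }

    if (rqIdField == null || rqLockIdField == null || rqStateNotFoundField == null)
    {
        throw new InvalidOperationException("SessionStateModule private fields (_rqId/_rqLockId/_rqSessionStateNotFound) were not found; this workaround does not match the running System.Web version.");
    }

    // Presumably releases the exclusive lock held on the old session item.
    object lockId = rqLockIdField.GetValue(stateModule);
    if (lockId != null && oldId != null)
    {
        if (store == null)
        {
            throw new InvalidOperationException("SessionStateModule._store was not found; cannot release the lock on the old session item.");
        }
        store.ReleaseItemExclusive(ctx, oldId, lockId);
    }

    // Mark the request as having no stored item and swap in the new id.
    rqStateNotFoundField.SetValue(stateModule, true);
    rqIdField.SetValue(stateModule, newId);
}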
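/// <summary>
/// Authenticates <paramref name="user"/> with <paramref name="token"/> and writes the outcome to the
/// response: an error object on failure, otherwise a newly generated session id together with the
/// user's profile fields.
/// </summary>
/// <param name="user">Login name / e-mail as sent by the client (untrusted).</param>
/// <param name="token">Credential token as sent by the client (untrusted).</param>
/// <remarks>
/// The reply is a JavaScript-style object literal (unquoted keys, single-quoted values), not strict
/// JSON; that shape is kept for client compatibility. Each value goes through
/// <see cref="EscapeLiteral"/> so a quote, backslash or line break in a profile field cannot end its
/// string early — confirm the client's parser accepts the resulting backslash escapes.
/// NOTE(review): the reply includes payment identifiers (paypal_id, betfair_id); confirm the client
/// needs them at login time.
/// </remarks>
public void LoginUser(string user, string token)
{
    if (!AuthenticateUser(user, token))
    {
        SendResponse("{result: 'error', errormsg: 'Login Failed!'}");
        return;
    }

    // Guest logins are resolved under a masked account name rather than the literal "guest".
    if (string.Equals(user, "guest", StringComparison.OrdinalIgnoreCase))
    {
        user = "******";
    }

    User sessionUser = UserBLL.GetUserByEmail(user);

    // CreateSessionID only generates an identifier; it is not written to the ASP.NET session cookie
    // (SaveSessionID is not called). The id lives in GreyhoundSession and is returned to the client.
    SessionIDManager idManager = new System.Web.SessionState.SessionIDManager();
    string sessionId = idManager.CreateSessionID(Context);
    GreyhoundSession session = new GreyhoundSession(sessionId, sessionUser);

    // TODO: Implement session keys:
    // 1) generate a session key and add it to the session keys table with an expiration date and associated to the user id
    // 2) return the key to the mobile application
    // 3) in each method call check the session key validity for the user id:
    //    i) if the key is invalid ignore the request
    //    ii) if the key is valid respond to the method call
    //    iii) if the key is valid but has expired generate a new key, return the key to the mobile app and respond to the method call

    String result = "{result: 'success', "
        + "sessionid: '" + EscapeLiteral(session.Session_Id) + "',"
        + "user_id: '" + EscapeLiteral(sessionUser.User_Id) + "',"
        + "role_id: '" + EscapeLiteral(sessionUser.Role_Id) + "',"
        + "name: '" + EscapeLiteral(sessionUser.Name) + "',"
        + "address: '" + EscapeLiteral(sessionUser.Address) + "',"
        + "mobile: '" + EscapeLiteral(sessionUser.Mobile) + "',"
        + "paypal_id: '" + EscapeLiteral(sessionUser.Paypal_Id) + "',"
        + "betfair_id: '" + EscapeLiteral(sessionUser.Betfair_Id) + "',"
        + "expire: '" + EscapeLiteral(session.Validity) + "'}";
    SendResponse(result);
}

/// <summary>
/// Renders <paramref name="value"/> for use inside a single-quoted literal of the login reply: null
/// becomes empty (as string concatenation would produce), and backslash, single quote, CR and LF are
/// escaped so the value can neither close the quote nor span lines.
/// </summary>
/// <param name="value">Field value; non-string values are converted with ToString().</param>
/// <returns>The escaped text.</returns>
private static string EscapeLiteral(object value)
{
    if (value == null)
    {
        return string.Empty;
    }

    string text = value.ToString();
    return text
        .Replace("\\", "\\\\")
        .Replace("'", "\\'")
        .Replace("\r", "\\r")
        .Replace("\n", "\\n");
}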