Fix where the encrypted session id gets corrupted resulting in a loop and a 500

error

Explicitly cleared the session and authentication cookies
robvde 2012-07-25 19:33:43 +04:00
parent ba1e53b8d2
commit 2a790f105d
2 changed files with 23 additions and 7 deletions


@ -64,15 +64,17 @@ namespace WebsitePanel.WebPortal
// Look for an incoming cookie named "ASP.NET_SessionID"
HttpRequest request = ((HttpApplication)sender).Request;
HttpCookie cookie = GetCookie(request, "ASP.NET_SessionId");
HttpCookie authCookie = request.Cookies[FormsAuthentication.FormsCookieName];
if (cookie != null)
{
// Throw an exception if the cookie lacks a MAC
if (cookie.Value.Length <= 24)
{
FormsAuthentication.SignOut();
HttpContext.Current.Response.Redirect(DefaultPage.GetPageUrl(PortalConfiguration.SiteSettings["DefaultPage"]));
cookie.Value = GetSessionIDMac(cookie.Value, request.UserHostAddress, request.UserAgent, _ValidationKey);
if ((authCookie != null))
{
WebsitePanel.Portal.PortalUtils.UserSignOut();
}
return;
}
@ -87,10 +89,7 @@ namespace WebsitePanel.WebPortal
// Throw an exception if the MACs don't match
if (String.CompareOrdinal(mac1, mac2) != 0)
{
FormsAuthentication.SignOut();
HttpContext.Current.Response.Redirect(DefaultPage.GetPageUrl(PortalConfiguration.SiteSettings["DefaultPage"]));
cookie.Value = GetSessionIDMac(cookie.Value, request.UserHostAddress, request.UserAgent, _ValidationKey);
WebsitePanel.Portal.PortalUtils.UserSignOut();
}
// Strip the MAC from the cookie before ASP.NET sees it