eShopOnWeb/src/Web/Configuration/ConfigureCookieSettings.cs
Cédric Michel 5d34222f28 add cached on logout with revoke cookie identity key (#605)
* add cached on logout with revoke cookie identity key

* properly signout as recommended : https://docs.microsoft.com/en-us/aspnet/core/security/authentication/cookie?view=aspnetcore-5.0#react-to-back-end-changes

* add remark regarding multi-host scenario

* Update src/Web/Configuration/RevokeAuthenticationEvents.cs

Co-authored-by: Steve Smith <steve@kentsmiths.com>
2021-11-01 09:49:53 -04:00


using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using System;
namespace Microsoft.eShopWeb.Web.Configuration
{
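/// <summary>
/// Registers the cookie policy and the application (authentication) cookie options
/// used by the web application.
/// </summary>
public static class ConfigureCookieSettings
{
    /// <summary>Value, in minutes, passed to <c>ExpireTimeSpan</c> for the application cookie.</summary>
    public const int ValidityMinutesPeriod = 60;

    /// <summary>Name given to the application (authentication) cookie.</summary>
    public const string IdentifierCookieName = "EshopIdentifier";

    /// <summary>
    /// Configures <see cref="CookiePolicyOptions"/> and the application cookie, and registers
    /// <c>RevokeAuthenticationEvents</c> as the scoped cookie-authentication events handler.
    /// </summary>
    /// <param name="services">The service collection to add the settings to.</param>
    /// <returns>The same <paramref name="services"/> instance, so calls can be chained.</returns>
    public static IServiceCollection AddCookieSettings(this IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            // CheckConsentNeeded decides whether user consent for non-essential cookies is
            // required for a given request. TODO: still needs to be checked.
            //options.CheckConsentNeeded = context => true;

            // NOTE(review): this minimum is only enforced where the cookie policy middleware
            // runs in the request pipeline; that registration is not visible in this file.
            options.MinimumSameSitePolicy = SameSiteMode.Strict;
        });

        services.ConfigureApplicationCookie(options =>
        {
            options.EventsType = typeof(RevokeAuthenticationEvents);
            options.ExpireTimeSpan = TimeSpan.FromMinutes(ValidityMinutesPeriod);
            options.LoginPath = "/Account/Login";
            options.LogoutPath = "/Account/Logout";

            // Mutate the existing cookie builder instead of assigning a new CookieBuilder.
            // Replacing the builder after setting HttpOnly threw that setting away (a fresh
            // CookieBuilder has HttpOnly = false), which left the authentication cookie
            // readable from script, together with the other defaults the options object
            // ships with.
            options.Cookie.Name = IdentifierCookieName;
            options.Cookie.HttpOnly = true;
            // Required for auth to work without explicit user consent; adjust to suit your privacy policy.
            options.Cookie.IsEssential = true;
            // NOTE(review): SecurePolicy is left at its default here; an HTTPS-only deployment
            // would normally set it to CookieSecurePolicy.Always. Confirm against the hosting setup.
        });

        // EventsType is resolved from the container, so the handler type must be registered.
        services.AddScoped<RevokeAuthenticationEvents>();
        return services;
    }
}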
}