0

We have a web application using WIF and we are trying to implement sliding sessions. The code in use seems to be creating the new SessionToken correctly however I am still seeing the old SessionToken even after the new token has been created. There appears to be some latency between when the token is created and "made available." 

void SessionAuthenticationModule_SessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e)
{

    e.ReissueCookie = true;
    e.SessionToken =
        new SessionSecurityToken(
            token.ClaimsPrincipal,
            token.Context,
            DateTime.UtcNow,
            DateTime.UtcNow.Add(sessionDuration))
        {
            IsPersistent = token.IsPersistent,
            IsReferenceMode = token.IsReferenceMode
        };

}

My question is how long does it take for WIF to to reissue a token when it has been created programmatically?

Achilles
  • 11,165
  • 9
  • 62
  • 113
  • What is `token`? Also, how do you see that there are two tokens? And last, wif doesn't reissue tokens nor cookies on its own. – Wiktor Zychla Feb 13 '14 at 19:10
  • When I set a breakpoint on this event I see that the old ValidFrom and ValidTo dates are still on the e.SessionToken. What issues the tokens if not WIF? The STS? – Achilles Feb 13 '14 at 19:39
  • Conceptually, STS issues tokens. WIF consumes tokens and creates cookies out of tokens to authenticate users. In a sense then WIF "issues" cookies when it rereads the cookie and sets the principal according to the token persisted in the cookie. – Wiktor Zychla Feb 13 '14 at 19:58
  • Thanks for the clarity, do you have any thoughts about my question? I'm creating a new token yet I'm not seeing the ValidTo and ValidFrom dates change on the next request. – Achilles Feb 13 '14 at 20:03
  • 1
    Can't verify it now as I don't have the compiler at hand but it looks good. However, comparing to other sliding expiration wif approaches, people usually create the new token using SAM rather than the bare constructor. Could you try that? http://stackoverflow.com/questions/18641421/wif-sliding-session-re-authenticate – Wiktor Zychla Feb 13 '14 at 20:12

0 Answers0