cant access Session in other API - Githubissues

aspnet / Session

[Archived] Session state middleware for ASP.NET Core. Project moved to https://github.com/aspnet/AspNetCore

Apache License 2.0

126 stars 66 forks source link

cant access Session in other API #190

Closed meninjanho4788 closed 7 years ago

meninjanho4788 commented 7 years ago

I use netcore, i have two API, one API Set Session value HttpContext.Session.SetString("GoogleProvider", info.ProviderKey);

And one API get this session but result is null. HttpContext.Session.GetString("GoogleProvider");

Tratcher commented 7 years ago

That's a bit vague. Are these two different Actions, Controllers, or completely separate applications?

meninjanho4788 commented 7 years ago

Yes, i have two controller : AccountController(api/account/registry) is set Session and AuthorizationController(connect/token) is get Session, and it in same application.

I try Set and Get Session in AccountController it have value. but when Get in other controll it null

meninjanho4788 commented 7 years ago

My code : AccountController

[HttpGet("ExternalLoginCallback")]
    [AllowAnonymous]
    public async Task<IActionResult> ExternalLoginCallback(string returnUrl = null, string remoteError = null)
    {  ....
HttpContext.Session.SetString("MySession", info.ProviderKey);
...
}

AuthorizationController :

[HttpPost("~/connect/token"), Produces("application/json")]
    [AllowAnonymous]
    public async Task<IActionResult> Exchange(OpenIdConnectRequest request)
    {
var dataSession = HttpContext.Session.GetString("MySession");
//dataSession is null
}

meninjanho4788 commented 7 years ago

My Setting in Status.cs :

public void ConfigureServices(IServiceCollection services)
{
services.AddMvc(options =>
          { options.Filters.Add(typeof(ModelValidationFilter)); })
          .AddJsonOptions(options =>
{ options.SerializerSettings.ReferenceLoopHandling = Newtonsoft.Json.ReferenceLoopHandling.Ignore;        });
      services.AddMemoryCache();
      services.AddSession();
}
public void Configure(IApplicationBuilder app)
    {
app.UseSession();
app.UseMvc(routes =>
      {
        routes.MapSpaFallbackRoute( name: "spa-fallback",  defaults: new { controller = "Home", action = "Index" });
      });
}

meninjanho4788 commented 7 years ago

Many thank you. I need n't use session in API because it will make my application vulnerable to this class of attack. I will try other way.

My English is not good !