dotnet / aspnetcore

ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web applications on Windows, Mac, or Linux.
https://asp.net
MIT License

Session cookie ITicketStore & ISecureDataFormat #51092

Closed TheTrigger closed 8 months ago

TheTrigger commented 1 year ago

AFAIK there is no way to use ITicketStore and ISecureDataFormat with the session cookie.

Example usage with the identity cookie:

services.AddOptions<CookieAuthenticationOptions>(IdentityConstants.ApplicationScheme)
    .Configure<ITicketStore, MyCookieDataFormat>((options, store, dataFormat) =>
    {
        options.TicketDataFormat = dataFormat;
        options.SessionStore = store;
        // ...
    });

A similar API for the session cookie would be good.

Tratcher commented 1 year ago

By session cookie you mean SessionOptions.Cookie? Why would you want ITicketStore and ISecureDataFormat there? https://github.com/dotnet/aspnetcore/blob/8ce579fd9a07bd595d635572005e71ebe8c4d7a2/src/Middleware/Session/src/SessionOptions.cs#L28

TheTrigger commented 1 year ago

Hello, no, you can't do it with the CookieBuilder.

It's more of a curiosity than a necessity. I tried to customize the cookie format but I found a barrier.

Curious that no one has ever customized cookies.

Tratcher commented 1 year ago

The session cookie is much different: it only stores an identifier, not data; there's not much to customize.

TheTrigger commented 1 year ago

Yes, but the identifier is generated from ITicketStore and secured by ISecureDataFormat; the result is stored in the cookie.

There is no way to use my custom implementation of those two interfaces (?)

Tratcher commented 1 year ago

SessionOptions is for browser sessions, not user sessions; it's not associated with auth in any way.
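
An added example (not from this thread or from the ASP.NET Core code base) that sets the two cookies discussed above side by side in one `Program.cs`: the browser-session cookie configured through `SessionOptions.Cookie` with its data in `IDistributedCache`, and the authentication cookie with an `ITicketStore` plugged in through `CookieAuthenticationOptions.SessionStore`. `MemoryTicketStore`, the cookie name and the `/` route are hypothetical, and the code assumes a .NET 6 or later web project with implicit usings.

```csharp
using System.Security.Cryptography;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.Extensions.Caching.Memory;

var builder = WebApplication.CreateBuilder(args);
// Browser session: the cookie carries only a protected session key; data sits in IDistributedCache.
builder.Services.AddDistributedMemoryCache();
builder.Services.AddSession(o =>
{
    o.Cookie.Name = ".Example.Session"; // constructed name
    o.Cookie.HttpOnly = true;
    o.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    o.Cookie.SameSite = SameSiteMode.Lax;
    o.IdleTimeout = TimeSpan.FromMinutes(20);
});
// Auth cookie: ITicketStore keeps the ticket server-side; the cookie then references it by key.
builder.Services.AddMemoryCache();
builder.Services.AddSingleton<ITicketStore, MemoryTicketStore>();
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie();
builder.Services.AddOptions<CookieAuthenticationOptions>(CookieAuthenticationDefaults.AuthenticationScheme)
    .Configure<ITicketStore>((o, store) => o.SessionStore = store);
var app = builder.Build();
app.UseSession();
app.UseAuthentication();
app.MapGet("/", (HttpContext ctx) => { ctx.Session.SetString("seen", "1"); return "ok"; });
app.Run();

// Hypothetical in-memory ITicketStore, for illustration only.
sealed class MemoryTicketStore : ITicketStore
{
    private readonly IMemoryCache _cache;
    public MemoryTicketStore(IMemoryCache cache) => _cache = cache;
    public async Task<string> StoreAsync(AuthenticationTicket ticket)
    {
        var key = Convert.ToHexString(RandomNumberGenerator.GetBytes(32)); // unguessable key
        await RenewAsync(key, ticket);
        return key;
    }
    public Task RenewAsync(string key, AuthenticationTicket ticket)
    {
        var opts = new MemoryCacheEntryOptions();
        if (ticket.Properties.ExpiresUtc is { } exp) opts.SetAbsoluteExpiration(exp);
        _cache.Set(key, ticket, opts);
        return Task.CompletedTask;
    }
    public Task<AuthenticationTicket?> RetrieveAsync(string key) =>
        Task.FromResult(_cache.Get<AuthenticationTicket>(key));
    public Task RemoveAsync(string key) { _cache.Remove(key); return Task.CompletedTask; }
}
```

Where the browser session's data is kept is changed by registering a different `IDistributedCache` implementation in place of `AddDistributedMemoryCache()`.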

dotnet-policy-service[bot] commented 8 months ago

Looks like this PR hasn't been active for some time and the codebase could have been changed in the meantime. To make sure no conflicting changes have occurred, please rerun validation before merging. You can do this by leaving an /azp run comment here (requires commit rights), or by simply closing and reopening.

mkArtakMSFT commented 8 months ago

Thanks for contacting us. We believe that the question you've raised has been answered. If you still feel a need to continue the discussion, feel free to reopen it and add your comments.