Extend Meta data able to be fetched about a Session

dotnet / aspnetcore

ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web applications on Windows, Mac, or Linux.

https://asp.net

MIT License

35.32k stars 9.97k forks source link

Extend Meta data able to be fetched about a Session #54044

Open thompson-tomo opened 7 months ago

thompson-tomo commented 7 months ago

Is there an existing issue for this?

[X] I have searched the existing issues

Is your feature request related to a problem? Please describe the problem.

I am trying to implement an actuator for sesssions modeled on the spring defintiion: https://docs.spring.io/spring-boot/docs/current/actuator-api/htmlsingle/#sessions

Describe the solution you'd like

I would like it to be possible to fetch from the session state additional information about the session such as:

Created datetime
last update datetime
The idle timeout

In the event a user is logged in it should be possible to both fetch the username for that session.

Additional context

n/a

Tratcher commented 7 months ago

Note that browser based sessions should not be used for any authenticated user information. Logins and browser sessions are independent mechanics with no lifetime guaranties between them.

Isn't the idle timeout the same for all sessions? Or do you mean the current calculated value based on last access?

Creation date you can do yourself by having a field in the session for that which you ensure is present for each request.

For last updated, is that just last modified or does it include sliding expiration based on last accessed? You could track last modified yourself but that would be tedious...

thompson-tomo commented 7 months ago

I am simply wanting to provide the data for the actuator, I don't plan to store user information other username so I can see which browser sessions have a user logged in & who. Thinking more about the metadata it would be beneficial to also have a flag logged in for when a user logs out but continued their session.

I know it would be possible to track create date & idle time but was of the thought a common metadata object would be beneficial. Ie Aspire could have a page "sessions" which lists all sessions including start time & last action.

By last updated, I meant last Accessed which I know would be tedious hence wanting it to be available natively which I feel would be easier to achieve.