Skip to main content

SessionManagementService Class

Abblix.Oidc.Server

Abblix.Oidc.Server.Features.SessionManagement

SessionManagementService Class

Implements session management functionality in accordance with OpenID Connect session management standards. This service is responsible for managing browser sessions by utilizing cookies and providing mechanisms to check and maintain the session state between the client and the server.

public class SessionManagementService : Abblix.Oidc.Server.Features.SessionManagement.ISessionManagementService

Inheritance System.Object → SessionManagementService

Implements ISessionManagementService

Constructors

SessionManagementService(IOptionsSnapshot<OidcOptions>, IRequestInfoProvider) Constructor

Implements session management functionality in accordance with OpenID Connect session management standards. This service is responsible for managing browser sessions by utilizing cookies and providing mechanisms to check and maintain the session state between the client and the server.

public SessionManagementService(Microsoft.Extensions.Options.IOptionsSnapshot<Abblix.Oidc.Server.Common.Configuration.OidcOptions> options, Abblix.Oidc.Server.Common.Interfaces.IRequestInfoProvider requestInfoProvider);

Parameters

options Microsoft.Extensions.Options.IOptionsSnapshot<OidcOptions>

The options for configuring the OpenID Connect session management service.

requestInfoProvider IRequestInfoProvider

The provider for accessing request-related information, such as whether the current request is over HTTPS and the request's base path.

Properties

SessionManagementService.Enabled Property

Indicates whether session management functionality is enabled based on the configured endpoints.

public bool Enabled { get; }

Implements Enabled

Property Value

System.Boolean

Methods

SessionManagementService.GetCheckSessionResponseAsync() Method

Asynchronously generates the response content for the check session endpoint. This method retrieves an HTML template that includes JavaScript code for the client to check the session state.

public System.Threading.Tasks.Task<Abblix.Oidc.Server.Endpoints.CheckSession.Interfaces.CheckSessionResponse> GetCheckSessionResponseAsync();

Implements GetCheckSessionResponseAsync()

Returns

System.Threading.Tasks.Task<CheckSessionResponse>
A task that returns a CheckSessionResponse containing the HTML content for the check session iframe and the name of the session management cookie.

SessionManagementService.GetSessionCookie() Method

Retrieves a cookie configured for session management. This cookie can be used to track the session state between the client and the server.

public Abblix.Oidc.Server.Common.Cookie GetSessionCookie();

Implements GetSessionCookie()

Returns

Cookie
A Cookie object configured with session management settings, such as the cookie name, domain, path, and security attributes.

Remarks

Cookie attributes are configured for OpenID Connect Session Management compliance:

  • HttpOnly = false - Required for check_session_iframe JavaScript to read the cookie
  • SameSite = None - Required for cross-origin iframe access in Session Management
  • Secure - Set based on the current request's HTTPS status (required when SameSite=None)

SessionManagementService.GetSessionState(AuthorizationRequest, string) Method

Generates a session state string for an authorization request. This string can be used by the client to validate the session state.

public string GetSessionState(Abblix.Oidc.Server.Model.AuthorizationRequest request, string sessionId);

Parameters

request AuthorizationRequest

The authorization request containing client and redirect URI information.

sessionId System.String

A unique identifier for the session.

Implements GetSessionState(AuthorizationRequest, string)

Returns

System.String
A session state string composed of the client ID, origin, session ID, and a salt value, hashed for security.