SessionManagementService Class
Abblix.Oidc.Server
Abblix.Oidc.Server.Features.SessionManagement
SessionManagementService Class
Implements session management functionality in accordance with OpenID Connect session management standards. This service is responsible for managing browser sessions by utilizing cookies and providing mechanisms to check and maintain the session state between the client and the server.
public class SessionManagementService : Abblix.Oidc.Server.Features.SessionManagement.ISessionManagementService
Inheritance System.Object → SessionManagementService
Implements ISessionManagementService
Constructors
SessionManagementService(IOptionsSnapshot<OidcOptions>, IRequestInfoProvider) Constructor
Implements session management functionality in accordance with OpenID Connect session management standards. This service is responsible for managing browser sessions by utilizing cookies and providing mechanisms to check and maintain the session state between the client and the server.
public SessionManagementService(Microsoft.Extensions.Options.IOptionsSnapshot<Abblix.Oidc.Server.Common.Configuration.OidcOptions> options, Abblix.Oidc.Server.Common.Interfaces.IRequestInfoProvider requestInfoProvider);
Parameters
options Microsoft.Extensions.Options.IOptionsSnapshot<OidcOptions>
The options for configuring the OpenID Connect session management service.
requestInfoProvider IRequestInfoProvider
The provider for accessing request-related information, such as whether the current request is over HTTPS and the request's base path.
Properties
SessionManagementService.Enabled Property
Indicates whether session management functionality is enabled based on the configured endpoints.
public bool Enabled { get; }
Implements Enabled
Property Value
Methods
SessionManagementService.GetCheckSessionResponseAsync() Method
Asynchronously generates the response content for the check session endpoint. This method retrieves an HTML template that includes JavaScript code for the client to check the session state.
public System.Threading.Tasks.Task<Abblix.Oidc.Server.Endpoints.CheckSession.Interfaces.CheckSessionResponse> GetCheckSessionResponseAsync();
Implements GetCheckSessionResponseAsync()
Returns
System.Threading.Tasks.Task<CheckSessionResponse>
A task that returns a CheckSessionResponse
containing the HTML content for the check session iframe and the name of the session management cookie.
SessionManagementService.GetSessionCookie() Method
Retrieves a cookie configured for session management. This cookie can be used to track the session state between the client and the server.
public Abblix.Oidc.Server.Common.Cookie GetSessionCookie();
Implements GetSessionCookie()
Returns
Cookie
A Cookie object configured with session management settings, such as the cookie name,
domain, path, and security attributes.
Remarks
Cookie attributes are configured for OpenID Connect Session Management compliance:
HttpOnly = false- Required for check_session_iframe JavaScript to read the cookieSameSite = None- Required for cross-origin iframe access in Session ManagementSecure- Set based on the current request's HTTPS status (required when SameSite=None)
SessionManagementService.GetSessionState(AuthorizationRequest, string) Method
Generates a session state string for an authorization request. This string can be used by the client to validate the session state.
public string GetSessionState(Abblix.Oidc.Server.Model.AuthorizationRequest request, string sessionId);
Parameters
request AuthorizationRequest
The authorization request containing client and redirect URI information.
sessionId System.String
A unique identifier for the session.
Implements GetSessionState(AuthorizationRequest, string)
Returns
System.String
A session state string composed of the client ID, origin, session ID, and a salt value, hashed for security.