From 986ddbabdd03720b77fd4a16859c722c26d5a03c Mon Sep 17 00:00:00 2001
From: cmurialdo
Date: Thu, 3 Nov 2022 09:37:17 -0300
Subject: [PATCH 1/2] Session recovery after an application encryption key renewal was not working in .NET. Fixes the 403 forbidden error after a second deployment that changes the application encryption key.
---
 .../dotnetframework/GxClasses/Middleware/GXHttp.cs | 13 ++++++++++---
 .../dotnetframework/GxClasses/Model/GXBaseObject.cs | 9 +++++++++
 2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/dotnet/src/dotnetframework/GxClasses/Middleware/GXHttp.cs b/dotnet/src/dotnetframework/GxClasses/Middleware/GXHttp.cs
index 679478da7..97604dd43 100644
--- a/dotnet/src/dotnetframework/GxClasses/Middleware/GXHttp.cs
+++ b/dotnet/src/dotnetframework/GxClasses/Middleware/GXHttp.cs
@@ -1537,17 +1537,24 @@ protected void SendResponseStatus(HttpStatusCode statusCode)
 SendResponseStatus((int)statusCode, string.Empty);
 }
+
+#if !NETCORE
 protected void SendResponseStatus(int statusCode, string statusDescription)
 {
 context.HttpContext.Response.StatusCode = statusCode;
-#if !NETCORE
 if (!string.IsNullOrEmpty(statusDescription)) context.HttpContext.Response.StatusDescription = statusDescription;
-#endif
 this.setAjaxCallMode();
 this.disableOutput();
 }
-
+#else
+ protected override void SendResponseStatus(int statusCode, string statusDescription)
+ {
+ context.HttpContext.Response.StatusCode = statusCode;
+ this.setAjaxCallMode();
+ this.disableOutput();
+ }
+#endif
 private void SendReferer()
 {
 context.httpAjaxContext.ajax_rsp_assign_hidden("sCallerURL", context.GetReferer());
diff --git a/dotnet/src/dotnetframework/GxClasses/Model/GXBaseObject.cs b/dotnet/src/dotnetframework/GxClasses/Model/GXBaseObject.cs
index f0336a6d3..a0b00fe32 100644
--- a/dotnet/src/dotnetframework/GxClasses/Model/GXBaseObject.cs
+++ b/dotnet/src/dotnetframework/GxClasses/Model/GXBaseObject.cs
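Review bot: In the GXHttp.cs hunk, only the `#else` (NETCORE) copy of `SendResponseStatus(int, string)` is declared `override`; the `#if !NETCORE` copy stays `protected void`. If this class also derives from GXBaseObject in the .NET Framework build (not visible in the hunk), that copy hides the new virtual, so the 440 raised from `Encrypt64`/`Decrypt64` would bind to the base method, which sets the status code but skips `setAjaxCallMode()` and `disableOutput()`. Keeping the single method with the inner `#if !NETCORE` around the `StatusDescription` lines and changing only the signature to `protected override void SendResponseStatus(int statusCode, string statusDescription)` would avoid both the duplication and the split behaviour. The NETCORE copy also drops `statusDescription` silently; a comment such as `// statusDescription is ignored on .NET Core: no reason phrase is set here` would make that explicit.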
@@ -142,10 +142,17 @@ private string Encrypt64(string value, string key, bool safeEncoding)
 }
 catch (InvalidKeyException)
 {
+ context.SetCookie("GX_SESSION_ID", string.Empty, string.Empty, DateTime.MinValue, string.Empty, context.GetHttpSecure());
 GXLogging.Error(log, "440 Invalid encryption key");
+ SendResponseStatus(440, "Session timeout");
 }
 return sRet;
 }
+ protected virtual void SendResponseStatus(int statusCode, string statusDescription)
+ {
+ context.HttpContext.Response.StatusCode = statusCode;
+ }
+
 protected string UriEncrypt64(string value, string key)
 {
 return Encrypt64(value, key, true);
@@ -164,7 +171,9 @@ private string Decrypt64(string value, string key, bool safeEncoding)
 }
 catch (InvalidKeyException)
 {
+ context.SetCookie("GX_SESSION_ID", string.Empty, string.Empty, DateTime.MinValue, string.Empty, context.GetHttpSecure());
 GXLogging.Error(log, "440 Invalid encryption key");
+ SendResponseStatus(440, "Session timeout");
 }
 return sRet;
 }
From 8795d39267b0d197da6bf64ed1d34e2940f3e5ef Mon Sep 17 00:00:00 2001
From: cmurialdo
Date: Thu, 3 Nov 2022 10:37:38 -0300
Subject: [PATCH 2/2] Remove unused using.
---
 dotnet/src/dotnetframework/GxClasses/Model/GXBaseObject.cs | 1 -
 1 file changed, 1 deletion(-)
diff --git a/dotnet/src/dotnetframework/GxClasses/Model/GXBaseObject.cs b/dotnet/src/dotnetframework/GxClasses/Model/GXBaseObject.cs
index a0b00fe32..eb7e0ceec 100644
--- a/dotnet/src/dotnetframework/GxClasses/Model/GXBaseObject.cs
+++ b/dotnet/src/dotnetframework/GxClasses/Model/GXBaseObject.cs
@@ -1,4 +1,3 @@
-using GeneXus.Diagnostics;
 using GeneXus.Encryption;
 using GeneXus.Http;
 using GeneXus.Utils;
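Review bot: The new base `SendResponseStatus` in GXBaseObject.cs (hunk `@@ -142`) dereferences `context.HttpContext.Response` with no guard, and both `catch (InvalidKeyException)` blocks, in `Encrypt64` here and in `Decrypt64` in hunk `@@ -164`, now call it right after `context.SetCookie(...)`. If objects built on this class can run without an HTTP request (not visible here), a key mismatch would throw from inside the catch instead of returning `sRet`; a guard such as `if (context == null || context.HttpContext == null) return;` at the top of the virtual method would keep that path harmless. The cookie-reset, log and status lines are repeated verbatim in both catch blocks, so one private helper called from both would keep the cookie name and the 440 in a single place. Both method bodies start outside their hunks.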
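Review bot: In the `Decrypt64` hunk (`@@ -164`), the catch now overwrites `GX_SESSION_ID` and answers 440 for every `InvalidKeyException`, and the values this method decrypts presumably include request-supplied parameters. Whether that exception is raised only after a real key renewal or also for any value that fails to decrypt is not visible here; if the latter, a request that merely carries a malformed value ends the caller's session, so the reset is worth restricting to the key-mismatch case. The replacement cookie is written with empty path and domain and `DateTime.MinValue` as expiry; please confirm that `SetCookie` maps these to the same scope and flags (HttpOnly, SameSite) as the original cookie and really replaces it, and record that in a comment such as `// overwrite the stale session cookie so a new session is issued after key renewal`. The log line carries no request or object detail, which makes a burst of these entries hard to tell apart from a routine redeployment during triage.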