-
Notifications
You must be signed in to change notification settings - Fork 176
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow for sessions cookies to be 'root only' #53
Comments
Very good suggestion @JoJoBond However there are 2 things I have changed: Documentation below:
|
…ault value is / Pleaser see issue #53
Please check it out and let us know your comments. If this works let's just close the issue. |
Looks great. And seems to work as expected. Small typo in the comment at 'Inf '. Issue can be closed. |
The session module will create session cookies whenever it finds no matching cookie for the requested path.
These cookies will e create for the path that has been requested.
e.g. If the request is for http://www.sample.com/foo/bar the cookie path will be something like '/foo/bar'.
This behaviour can lead to a single use having multiple vaild session cookies at once.
If a user has no valid cookie for a site and requests the path '/foo/bar', a cookie for that path will be created.
If the user then requests the path '/bar/foo', another cookie will be created, since the path of the previous one does not match.
Maintaining sessions is quite a task with mutliple sessions per path per user.
To solve issues like this, cookies can be created for the root path of a server exclusively.
This way a user will get a single cookie that is valid for the whole domain.
I'd therefore suggest to add an UseRootPathOnly property to the session module:
In ISessionWebModule.cs after line 56 insert:
In LocalSessionModule.cs after line 192 insert:
In LocalSessionModule.cs replace line 37 with:
or
The text was updated successfully, but these errors were encountered: