SessionAuthenticationModule.SessionSecurityTokenReceived Event
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Occurs when a session security token has been read from a cookie.
public:
event EventHandler<System::IdentityModel::Services::SessionSecurityTokenReceivedEventArgs ^> ^ SessionSecurityTokenReceived;public event EventHandler<System.IdentityModel.Services.SessionSecurityTokenReceivedEventArgs> SessionSecurityTokenReceived;member this.SessionSecurityTokenReceived : EventHandler<System.IdentityModel.Services.SessionSecurityTokenReceivedEventArgs> Public Custom Event SessionSecurityTokenReceived As EventHandler(Of SessionSecurityTokenReceivedEventArgs) Public Event SessionSecurityTokenReceived As EventHandler(Of SessionSecurityTokenReceivedEventArgs) Event Type
Examples
The following code shows a handler for the SessionSecurityTokenReceived event implemented in the global.asax.cs file of an ASP.NET web application. You must also add the handler to the event. A more complete example is shown in the SessionAuthenticationModule overview topic.
void SessionAuthenticationModule_SessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e)
{
System.Diagnostics.Trace.WriteLine("Handling SessionSecurityTokenReceived event");
}
Remarks
The SessionSecurityTokenReceived event is raised from within the OnAuthenticateRequest method after a session token (SessionSecurityToken) has been successfully read from the session cookie.
You can use this event to modify properties of the session token before it is passed further along the pipeline and is used to authenticate the entity making the request (user). One of the most common scenarios involves modifying the session expiration time (accessible through the SessionSecurityToken.ValidTo property) to override the session expiration time set in configuration through the lifetime attribute of the <sessionTokenRequirement> element. By modifying this property on each request, you can implement a sliding session; that is, a session in which the lifetime is extended each time the user accesses the site.
In an event handler, you can access the token through the SessionSecurityTokenReceivedEventArgs.SessionToken property. After modifying the token, you can ensure that it is written back to the cookie by setting the SessionSecurityTokenReceivedEventArgs.ReissueCookie to true. Finally, the SessionSecurityTokenReceived event is a cancelable event, and you can set the Cancel property of the SessionSecurityTokenReceivedEventArgs to abort further processing of the request.
