[ENHANCEMENT] Ensure Stateless flag functions as designed for session management

Author: lanesCSO

rls/packages/API.Library.6.1.18.nupkg

@@ -12,13 +12,12 @@
     <PackageId>API.Library</PackageId>
     <Product>API Library</Product>
     <Copyright>Central Statistics Office, Ireland</Copyright>
-    <Version>6.1.21</Version>
+    <Version>6.1.22</Version>
     <Authors>Central Statistics Office, Ireland</Authors>
     <SignAssembly>False</SignAssembly>
     <RepositoryUrl>https://github.com/CSOIreland/Server-API-Library</RepositoryUrl>
     <PackageReleaseNotes>
-      - [BUG FIX] Added cache storage of the key GET_WITH_CAS_TIMEOF_EXCEPTION key to store the datetime value of when the GetWithCas exception occurred.
-      - [BUG FIX] Fixes for session to not be expired and System.ArgumentOutOfRangeException when calling GetWithCas.
+      [ENHANCEMENT] Ensure Stateless flag functions as designed for session management
     </PackageReleaseNotes>
     <RestorePackagesWithLockFile>true</RestorePackagesWithLockFile>
     <RestoreLockedMode>true</RestoreLockedMode>

rls/packages/API.Library.6.1.19.nupkg

@@ -114,6 +114,8 @@ public Common()
             //Log.Instance.Info("AD Username: " + ApiServicesHelper.ApiConfiguration.Settings["API_AD_USERNAME"]);
             //Log.Instance.Info("AD Password: ********"); // Hide API_AD_PASSWORD from logs
 
+
+
             // Check if the request is Stateless
             if (Convert.ToBoolean(ApiServicesHelper.ApiConfiguration.Settings["API_STATELESS"]))
             {
@@ -122,7 +124,7 @@ public Common()
                 if (userPricipalCache.hasData)
                 {
                     isAuthenticated = true;
-                    var userPricipalCacheDeserialized  = Utility.JsonDeserialize_IgnoreLoopingReference<ExpandoObject>(userPricipalCache.data.ToString());
+                    var userPricipalCacheDeserialized = Utility.JsonDeserialize_IgnoreLoopingReference<ExpandoObject>(userPricipalCache.data.ToString());
                     UserPrincipal = userPricipalCacheDeserialized == null ? null : userPricipalCacheDeserialized;
                     Log.Instance.Info("Authentication retrieved from Cache");
                 }
@@ -137,7 +139,7 @@ public Common()
                         UserPrincipal = ApiServicesHelper.ActiveDirectory.CreateAPIUserPrincipalObject(UserPrincipal);
 
                         // Set the cache to expire at midnight
-                        if (ApiServicesHelper.CacheD.Store_BSO<dynamic>("API", "Common", "Authenticate", NetworkIdentity,Utility.JsonSerialize_IgnoreLoopingReference(UserPrincipal), DateTime.Today.AddDays(1)))
+                        if (ApiServicesHelper.CacheD.Store_BSO<dynamic>("API", "Common", "Authenticate", NetworkIdentity, Utility.JsonSerialize_IgnoreLoopingReference(UserPrincipal), DateTime.Today.AddDays(1)))
                         {
                             Log.Instance.Info("Authentication stored in Cache");
                         }
@@ -152,26 +154,36 @@ public Common()
                     // Call the SessionID to initiate the Session
                     Log.Instance.Info("Session ID: " + context.Session.Id);
 
-                    isAuthenticated = AuthenticateByType();
-
-                    // Initiate a new Session only when authentication works.
-                    if (isAuthenticated != null)
+                    var user = context.Session.GetString(UserPrincipal_Container);
+                    if (user == null)
                     {
-                        // Save the serialized userPrincipal in the Session
-                        //context.Session[UserPrincipal_Container] = Utility.JsonSerialize_IgnoreLoopingReference(UserPrincipal);
-                        Log.Instance.Info("Authentication stored in Session");
+                        isAuthenticated = AuthenticateByType();
+
+                        // Initiate a new Session only when authentication works.
+                        if (isAuthenticated != null)
+                        {
+                            // Save the serialized userPrincipal in the Session
+
+                            //set userprincipal to be a smaller object
+                            UserPrincipal = ApiServicesHelper.ActiveDirectory.CreateAPIUserPrincipalObject(UserPrincipal);
+                            string upString = Utility.JsonSerialize_IgnoreLoopingReference(UserPrincipal);
+                            context.Session.SetString(UserPrincipal_Container, upString);
+                            Log.Instance.Info("Authentication stored in Session");
+                        }
+
                     }
-                }
-                else
-                {
-                    isAuthenticated = true;
 
-                    // Call the SessionID to initiate the Session
-                    Log.Instance.Info("Session ID: " + context.Session.Id);
+                    else
+                    {
+                        isAuthenticated = true;
+
+                        // Call the SessionID to initiate the Session
+                        Log.Instance.Info("Session ID: " + context.Session.Id);
+                        // Deserialise userPrincipal from Session
+                        UserPrincipal = Utility.JsonDeserialize_IgnoreLoopingReference(context.Session.GetString(UserPrincipal_Container));
+                        Log.Instance.Info("Authentication retrieved from Session");
+                    }
 
-                    // Deserialise userPrincipal from Session
-                    //UserPrincipal = Utility.JsonDeserialize_IgnoreLoopingReference((string)(context.Session[UserPrincipal_Container]));
-                    Log.Instance.Info("Authentication retrieved from Session");
                 }
             }
 
@@ -252,7 +264,8 @@ public Common()
                 else
                 {
                     //if account is enabled
-                    if(UserPrincipal.Enabled) {
+                    if (UserPrincipal.Enabled)
+                    {
                         return true;
                     }
                     else
@@ -408,7 +421,8 @@ internal async Task returnResponseAsync(HttpContext context, string message, Can
                 throw new TaskCanceledException();
             }
 
-            if (context.Response.HasStarted) {
+            if (context.Response.HasStarted)
+            {
                 sourceToken.Cancel(true);
 
                 if (sourceToken.IsCancellationRequested)
@@ -447,24 +461,25 @@ internal Cookie CheckCookie(string SessionCookieName, HttpContext httpContext)
             //httpContext.Request.Headers.Add("Cookie", "session=\"84c2f0b319460ee991924908198d46795049c83f1ebdfcaf90bd899c8d9d0bd2\";");        
 
             Cookie sessionCookie = new Cookie();
-                
+
             if (!string.IsNullOrEmpty(SessionCookieName))
-                {
-                    //need to create a cookie using the value and  the SessionCookieName
-                    string testSessionCookieValue = httpContext.Request.Cookies[SessionCookieName];
+            {
+                //need to create a cookie using the value and  the SessionCookieName
+                string testSessionCookieValue = httpContext.Request.Cookies[SessionCookieName];
 
-                    if (!string.IsNullOrEmpty(testSessionCookieValue))
-                    {
-                        sessionCookie.Name = SessionCookieName;
-                        sessionCookie.Value = testSessionCookieValue;
-                    }
+                if (!string.IsNullOrEmpty(testSessionCookieValue))
+                {
+                    sessionCookie.Name = SessionCookieName;
+                    sessionCookie.Value = testSessionCookieValue;
+                }
             }
             return sessionCookie;
         }
 
         internal void GatherTraceInformation(dynamic apiRequest, Trace trace)
         {
-            if (ApiServicesHelper.CacheConfig.API_CACHE_TRACE_ENABLED) { 
+            if (ApiServicesHelper.CacheConfig.API_CACHE_TRACE_ENABLED)
+            {
                 //gather trace information
                 trace.TrcParams = MaskParameters(apiRequest.parameters.ToString());
                 trace.TrcIp = apiRequest.ipAddress;
@@ -476,7 +491,7 @@ internal void GatherTraceInformation(dynamic apiRequest, Trace trace)
                     trace.TrcUsername = apiRequest.userPrincipal.SamAccountName.ToString();
                 }
             }
-        }    
+        }
     }
 
     /// <summary>

rls/packages/API.Library.6.1.20.nupkg

@@ -1,5 +1,4 @@
 using Enyim.Caching;
-using Enyim.Caching.Configuration;
 using log4net.Config;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.HttpOverrides;
@@ -15,38 +14,38 @@ public static class ServiceConfiguration
         public static IServiceCollection AddApiLibrary(this IServiceCollection service, WebApplicationBuilder builder)
         {
             var loggingOptions = builder.Configuration.GetSection("Log4NetCore").Get<Log4NetProviderOptions>();
-            
+
             //log name of the machine for identification purposes
             log4net.GlobalContext.Properties["MachineName"] = System.Environment.MachineName;
             builder.Logging.AddLog4Net(loggingOptions);
-          
+
             //watches for any changes to log4net config file
             XmlConfigurator.ConfigureAndWatch(new FileInfo(loggingOptions.Log4NetConfigFileName));
 
             Log.Instance.Info("service configration started");
-               
+
             // Add services to the container.
             builder.Services.Configure<ForwardedHeadersOptions>(options =>
             {
-                options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto; 
+                options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
             });
-               
+
             builder.Services.AddHttpContextAccessor();
 
             service.Configure<CacheSettings>(builder.Configuration.GetSection("CacheSettings"));
-            service.Configure<ADOSettings>(builder.Configuration.GetSection("ADOSettings"));               
-            service.Configure<APIConfig>(builder.Configuration.GetSection("API_Config"));               
-            service.Configure<APPConfig>(builder.Configuration.GetSection("APP_Config"));               
-            service.Configure<APISettings>(builder.Configuration.GetSection("API_SETTINGS"));               
+            service.Configure<ADOSettings>(builder.Configuration.GetSection("ADOSettings"));
+            service.Configure<APIConfig>(builder.Configuration.GetSection("API_Config"));
+            service.Configure<APPConfig>(builder.Configuration.GetSection("APP_Config"));
+            service.Configure<APISettings>(builder.Configuration.GetSection("API_SETTINGS"));
             service.Configure<BlockedRequests>(builder.Configuration.GetSection("Blocked_Requests"));
             service.Configure<APIPerformanceSettings>(builder.Configuration.GetSection("APIPerformanceSettings"));
 
             service.AddEnyimMemcached();
             service.AddSingleton<ICacheConfig, CacheConfig>();
-            service.AddSingleton<IApiConfiguration, ApiConfiguration>();               
-            service.AddSingleton<IAppConfiguration, APPConfiguration>();               
-            service.AddSingleton<IWebUtility, WebUtility>();                          
-            service.AddSingleton<IMemcachedClient, MemcachedClient>();              
+            service.AddSingleton<IApiConfiguration, ApiConfiguration>();
+            service.AddSingleton<IAppConfiguration, APPConfiguration>();
+            service.AddSingleton<IWebUtility, WebUtility>();
+            service.AddSingleton<IMemcachedClient, MemcachedClient>();
             service.AddSingleton<ICacheD, MemCacheD>();
             service.AddSingleton<IActiveDirectory, ActiveDirectory>();
             service.AddSingleton<IFirebase, Firebase>();
@@ -58,6 +57,9 @@ public static IServiceCollection AddApiLibrary(this IServiceCollection service,
             service.AddSingleton<ICleanser, Cleanser>();
             service.AddSingleton<ISanitizer, Sanitizer>();
 
+
+
+
             var sp = service.BuildServiceProvider();
             var ADOSettings = sp.GetService<IOptions<ADOSettings>>();
             var APISettings = sp.GetService<IOptions<APISettings>>();
@@ -85,7 +87,7 @@ public static IServiceCollection AddApiLibrary(this IServiceCollection service,
 
             //we need to load API config here as needed for application to work.
             ApiServicesHelper.ApiConfiguration = sp.GetRequiredService<IApiConfiguration>();
-            if(ApiServicesHelper.ApiConfiguration.Settings == null)
+            if (ApiServicesHelper.ApiConfiguration.Settings == null)
             {
                 ApiServicesHelper.ApplicationLoaded = false;
             }
@@ -97,11 +99,22 @@ public static IServiceCollection AddApiLibrary(this IServiceCollection service,
             ApiServicesHelper.Sanitizer = sp.GetRequiredService<ISanitizer>();
             ApiServicesHelper.Cleanser = sp.GetRequiredService<ICleanser>();
 
-       
-            if (ApiServicesHelper.APPConfig.enabled && ApiServicesHelper.ApplicationLoaded) 
+
+            if (ApiServicesHelper.APPConfig.enabled && ApiServicesHelper.ApplicationLoaded)
             {
                 //load APP config here as if can't load application wont work
-                ApiServicesHelper.AppConfiguration = sp.GetRequiredService<IAppConfiguration>(); 
+                ApiServicesHelper.AppConfiguration = sp.GetRequiredService<IAppConfiguration>();
+            }
+            bool isStateless = Convert.ToBoolean(ApiServicesHelper.ApiConfiguration.Settings["API_STATELESS"]);
+            if (!isStateless)
+            {
+                service.AddSession(options =>
+                {
+                    options.IdleTimeout = TimeSpan.FromMinutes(30);//We set Time here 
+                    options.Cookie.HttpOnly = true;
+                    options.Cookie.IsEssential = true;
+                    options.Cookie.Name = "apiSessionCookie";
+                });
             }
 
             Log.Instance.Info("All API setup completed");

rls/packages/API.Library.6.1.21.nupkg

@@ -19,7 +19,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="API.Library" Version="6.1.17" />
+    <PackageReference Include="API.Library" Version="6.1.18" />
   </ItemGroup>
 
   <ItemGroup>