Occurs when a session security token has been read from a cookie.
Assembly: System.IdentityModel.Services (in System.IdentityModel.Services.dll)
You can use this event to modify properties of the session token before it is passed further along the pipeline and is used to authenticate the entity making the request (user). One of the most common scenarios involves modifying the session expiration time (accessible through the SessionSecurityToken.ValidTo property) to override the session expiration time set in configuration through the lifetime attribute of the <sessionTokenRequirement> element. By modifying this property on each request, you can implement a sliding session; that is, a session in which the lifetime is extended each time the user accesses the site.
In an event handler, you can access the token through the SessionSecurityTokenReceivedEventArgs.SessionToken property. After modifying the token, you can ensure that it is written back to the cookie by setting the SessionSecurityTokenReceivedEventArgs.ReissueCookie to true. Finally, the event is a cancelable event, and you can set the Cancel property of the SessionSecurityTokenReceivedEventArgs to abort further processing of the request.
The following code shows a handler for the event implemented in the global.asax.cs file of an ASP.NET web application. You must also add the handler to the event. A more complete example is shown in the SessionAuthenticationModule overview topic.
- Full trust for the immediate caller. This member cannot be used by partially trusted code. For more information, see Using Libraries from Partially Trusted Code.
Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)