Occurs when a session security token has been read from a cookie.
Assembly: System.IdentityModel.Services (in System.IdentityModel.Services.dll)
You can use this event to modify properties of the session token before it is passed further along the pipeline and is used to authenticate the entity making the request (user). One of the most common scenarios involves modifying the session expiration time (accessible through the SessionSecurityToken.ValidTo property) to override the session expiration time set in configuration through the lifetime attribute of the <sessionTokenRequirement> element. By modifying this property on each request, you can implement a sliding session; that is, a session in which the lifetime is extended each time the user accesses the site.
In an event handler, you can access the token through the SessionSecurityTokenReceivedEventArgs.SessionToken property. After modifying the token, you can ensure that it is written back to the cookie by setting the SessionSecurityTokenReceivedEventArgs.ReissueCookie to true. Finally, the event is a cancelable event, and you can set the Cancel property of the SessionSecurityTokenReceivedEventArgs to abort further processing of the request.
The following code shows a handler for the event implemented in the global.asax.cs file of an ASP.NET web application. You must also add the handler to the event. A more complete example is shown in the SessionAuthenticationModule overview topic.