#19229: Isolating cookies when using url prefix based multi-tenancy

Work Item: 19229 --HG-- branch : 1.x extra : rebase_source : 77fdb5648c647bfd019afd25f02b9e318489f821
2025-10-15 19:54:57 +08:00 · 2013-06-21 10:39:03 -07:00
parent 49e8b2f6b5
commit a87a3327ef
1 changed files with 24 additions and 8 deletions
--- a/src/Orchard/Security/Providers/FormsAuthenticationService.cs
+++ b/src/Orchard/Security/Providers/FormsAuthenticationService.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Web;
 using System.Web.Security;
+using Orchard.Environment.Configuration;
 using Orchard.Logging;
 using Orchard.ContentManagement;
 using Orchard.Mvc;
@@ -8,13 +9,15 @@ using Orchard.Services;

 namespace Orchard.Security.Providers {
    public class FormsAuthenticationService : IAuthenticationService {
+        private readonly ShellSettings _settings;
        private readonly IClock _clock;
        private readonly IContentManager _contentManager;
        private readonly IHttpContextAccessor _httpContextAccessor;
        private IUser _signedInUser;
-        private bool _isAuthenticated = false;
+        private bool _isAuthenticated;

-        public FormsAuthenticationService(IClock clock, IContentManager contentManager, IHttpContextAccessor httpContextAccessor) {
+        public FormsAuthenticationService(ShellSettings settings, IClock clock, IContentManager contentManager, IHttpContextAccessor httpContextAccessor) {
+            _settings = settings;
            _clock = clock;
            _contentManager = contentManager;
            _httpContextAccessor = httpContextAccessor;
@@ -43,10 +46,24 @@ namespace Orchard.Security.Providers {

            var encryptedTicket = FormsAuthentication.Encrypt(ticket);

-            var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
-            cookie.HttpOnly = true;
-            cookie.Secure = FormsAuthentication.RequireSSL;
-            cookie.Path = FormsAuthentication.FormsCookiePath;
+            var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket) {
+                HttpOnly = true, 
+                Secure = FormsAuthentication.RequireSSL, 
+                Path = FormsAuthentication.FormsCookiePath
+            };
+
+            var httpContext = _httpContextAccessor.Current();
+
+            if (!String.IsNullOrEmpty(_settings.RequestUrlPrefix)) {
+                var cookiePath = httpContext.Request.ApplicationPath;
+                if (cookiePath != null && cookiePath.Length > 1) {
+                    cookiePath += '/';
+                }
+
+                cookiePath += _settings.RequestUrlPrefix;
+                cookie.Path = cookiePath;
+            }
+
            if (FormsAuthentication.CookieDomain != null) {
                cookie.Domain = FormsAuthentication.CookieDomain;
            }
@@ -54,8 +71,7 @@ namespace Orchard.Security.Providers {
            if (createPersistentCookie) {
                cookie.Expires = ticket.Expiration;
            }
-
-            var httpContext = _httpContextAccessor.Current();
+            
            httpContext.Response.Cookies.Add(cookie);

            _isAuthenticated = true;