W.I.F.: Setting IsSessionMode to true, can't s

Posted 2020-07-06 01:31

We are having problems with Safari (and Opera), and from what I have read the FedAuth cookies are just too big.

There is a "neat trick" to fix this: "WIF RTM added a property to the SessionAuthenticationModule, IsSessionMode. When flipped to true, IsSessionMode has the effect of ensuring that the SessionSecurityToken remains in the cache for the whole duration of the session and generating a cookie which contains just a session identifier rather than the content of the session itself."

I have this code in global.asax:

void WSFederationAuthenticationModule_SessionSecurityTokenCreated(object sender, Microsoft.IdentityModel.Web.SessionSecurityTokenCreatedEventArgs e)
{
    FederatedAuthentication.SessionAuthenticationModule.IsSessionMode = true;
}

Problem is simple, "FederatedAuthentication.SessionAuthenticationModule.IsSessionMode = true" never runs, I have no idea why. Do you?? Or do you know how to use "PassiveSignInControl" to set IsSessionMode to true?

http://social.msdn.microsoft.com/Forums/en/Geneva/thread/ea00ec3f-ebdf-427c-929f-d4a196650552
http://blogs.msdn.com/b/vbertocci/archive/2010/05/26/your-fedauth-cookies-on-a-diet-issessionmode-true.aspx

From the book "Programming Windows® Identity Foundation": "An interesting property of the SAM is IsSessionMode. When set to true, IsSessionMode has the effect of storing the bulk of the session on a server-side token cache instead of writing everything in the cookie. The cookie itself will just contain a small context identifier, which will be used for retrieving the session on the server. Unfortunately, in this version of the product there is no way to set IsSessionMode from the configuration file. You can set it via a property of the PassiveSignInControl, or in the global.asax file as follows (same code as above)"

4 answers
ら.Afraid
#2 · 2020-07-06 02:03

Have you registered your event handler for the SessionSecurityTokenCreated event?

FederatedAuthentication.WSFederationAuthenticationModule.SessionSecurityTokenCreated 
    += this.WSFederationAuthenticationModule_SessionSecurityTokenCreated;

This line needs to be added to the Application_Start method in your Global.asax file.

The FederatedAuthentication class is in the namespace Microsoft.IdentityModel.Web.

干净又极端
#3 · 2020-07-06 02:09

Old thread, but I believe SessionSecurityTokenCreated is the proper event to handle this--tested it and it works under "old WIF" and .NET 4.5 with the appropriate namespace variations.

void WSFederationAuthenticationModule_SessionSecurityTokenCreated(object sender, System.IdentityModel.Services.SessionSecurityTokenCreatedEventArgs e)
{
    e.SessionToken.IsReferenceMode = true;
}
Rolldiameter
#4 · 2020-07-06 02:19

One important thing to note is how to handle the SecurityTokenValidated and SessionSecurityTokenCreated events of the WSFederationAuthenticationModule class.

Alternative 1 — auto event wire up in global.asax (explicit method names without manual wiring to events):

void WSFederationAuthenticationModule_SecurityTokenValidated(object sender, SecurityTokenValidatedEventArgs e)
{
    FederatedAuthentication.SessionAuthenticationModule.IsReferenceMode = true;
}

// or

void WSFederationAuthenticationModule_SessionSecurityTokenCreated(object sender, SessionSecurityTokenCreatedEventArgs e)
{
    e.SessionToken.IsReferenceMode = true;
}

Alternative 2 — manual method wiring to events in global.asax. The point is that it must not be in Application_Start but in the overridden Init:

void Application_Start(object sender, EventArgs e)
{
    // Called only once on application start
    // This is not the right place to wire events for all HttpApplication instances
}

public override void Init()
{
    // Called for each HttpApplication instance
    FederatedAuthentication.WSFederationAuthenticationModule.SecurityTokenValidated += STV;
    FederatedAuthentication.WSFederationAuthenticationModule.SessionSecurityTokenCreated += SSTC;
}

void STV(object sender, SecurityTokenValidatedEventArgs e)
{
    FederatedAuthentication.SessionAuthenticationModule.IsReferenceMode = true;
}

// or

void SSTC(object sender, SessionSecurityTokenCreatedEventArgs e)
{
    e.SessionToken.IsReferenceMode = true;
}
仙女界的扛把子
#5 · 2020-07-06 02:23

Hi, try this: instead of the SessionSecurityTokenCreated event, use the SecurityTokenValidated event.

In the global.ascx

void WSFederationAuthenticationModule_SecurityTokenValidated(object sender, SecurityTokenValidatedEventArgs e) 
{   
    FederatedAuthentication.SessionAuthenticationModule.IsSessionMode = true; 
}

Check the comment from Dominick Baier's blog.
