Merge pull request #1141 from DuendeSoftware/brock/6.2/session-cleanu…

…p-httpctx When cookie is re-issued ensure the issuer is captured in the ticket
DuendeSoftware · Jan 25, 2023 · 2f5eee2 · 2f5eee2
2 parents 88a0d88 + b14fb6c
commit 2f5eee2
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/src/IdentityServer/Services/Default/DefaultSessionCoordinationService.cs b/src/IdentityServer/Services/Default/DefaultSessionCoordinationService.cs
@@ -119,7 +119,8 @@ await BackChannelLogoutService.SendLogoutNotificationsAsync(new LogoutNotificati
             {
                 SubjectId = session.SubjectId,
                 SessionId = session.SessionId,
-                ClientIds = session.ClientIds
+                ClientIds = session.ClientIds,
+                Issuer = session.Issuer,
             });
         }
     }

diff --git a/src/IdentityServer/Stores/Default/ServerSideTicketStore.cs b/src/IdentityServer/Stores/Default/ServerSideTicketStore.cs
@@ -145,6 +145,11 @@ public async Task RenewAsync(string key, AuthenticationTicket ticket)
             session.SessionId = sid;
         }
 
+        if (ticket.GetIssuer() == null)
+        {
+            // when issuing a new cookie on top of an existing cookie, the AuthenticationTicket passed above is new (and not the prior one loaded from the ticket store)
+            ticket.SetIssuer(await _issuerNameService.GetCurrentAsync());
+        }
         session.Renewed = ticket.GetIssued();
         session.Expires = ticket.GetExpiration();
         session.DisplayName = name;