There’s a few examples of this around… The example in the WIF book doesn’t take into consideration the clock skew.
Here’s one that does:
public class SlidingSessionAuthenticationModule : SessionAuthenticationModule
{
protected override void OnSessionSecurityTokenReceived(SessionSecurityTokenReceivedEventArgs args)
{
var sessionSecurityToken = args.SessionToken;
var now = DateTime.Now;
var validTo = sessionSecurityToken.ValidTo.Add(ServiceConfiguration.MaxClockSkew);
if (now < validTo)
{
var timeout = sessionSecurityToken.ValidTo - sessionSecurityToken.ValidFrom;
var window = TimeSpan.FromSeconds(timeout.TotalSeconds / 2);
var renewalTime = sessionSecurityToken.ValidTo.Subtract(window);
if (now > renewalTime)
{
args.SessionToken = CreateSessionSecurityToken(
sessionSecurityToken.ClaimsPrincipal,
sessionSecurityToken.Context,
now,
now.Add(timeout),
sessionSecurityToken.IsPersistent);
args.ReissueCookie = true;
}
}
base.OnSessionSecurityTokenReceived(args);
}
}
peplowdown 