only emit session id cookie if check session endpoint is enabled (#1903)

IdentityServer · Dec 21, 2017 · fc1084a · fc1084a
1 parent ade653f
commit fc1084a
Showing 1 changed file with 8 additions and 5 deletions.
diff --git a/src/IdentityServer4/Services/DefaultUserSession.cs b/src/IdentityServer4/Services/DefaultUserSession.cs
@@ -255,12 +255,15 @@ private string GetSessionIdCookieValue()
 
         private void IssueSessionIdCookie(string sid)
         {
-            if (GetSessionIdCookieValue() != sid)
+            if (Options.Endpoints.EnableCheckSessionEndpoint)
             {
-                HttpContext.Response.Cookies.Append(
-                    Options.Authentication.CheckSessionCookieName,
-                    sid,
-                    CreateSessionIdCookieOptions());
+                if (GetSessionIdCookieValue() != sid)
+                {
+                    HttpContext.Response.Cookies.Append(
+                        Options.Authentication.CheckSessionCookieName,
+                        sid,
+                        CreateSessionIdCookieOptions());
+                }
             }
         }