From b499a3e00b014f6333eb46e77269a00bdf260f8c Mon Sep 17 00:00:00 2001
From: gttds <ollie.yeoh@gmail.com>
Date: Thu, 16 Jun 2016 23:46:21 +0800
Subject: [PATCH] [System.Web] Fixes 50 year form authentication
This fixes the bug where form authentication tickets do not expire until 50 years later.
I bumped into this bug after upgrading mono from 4.2.2 to 4.4.0.
Firstly, the authentication ticket's expiry must always be equal to the timeout attribute on the <forms/> element. It doesn't matter whether persistent or session cookies are used.
Secondly, if the cookie is persistent, then its expiry should be set to the same as that of the authentication ticket.
Reference: https://blogs.msdn.microsoft.com/dansellers/2006/02/15/change-to-asp-net-2-0-forms-authentication-persistent-cookies/
---
.../System.Web/System.Web.Security/FormsAuthentication.cs | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/mcs/class/System.Web/System.Web.Security/FormsAuthentication.cs b/mcs/class/System.Web/System.Web.Security/FormsAuthentication.cs
index 491d74f6c4d4..651d8bf4c856 100644
--- a/mcs/class/System.Web/System.Web.Security/FormsAuthentication.cs
+++ b/mcs/class/System.Web/System.Web.Security/FormsAuthentication.cs
@@ -212,21 +212,18 @@ public static HttpCookie GetAuthCookie (string userName, bool createPersistentCo
strCookiePath = cookiePath;
DateTime now = DateTime.Now;
- DateTime then;
- if (createPersistentCookie)
- then = now.AddMinutes(timeout);
- else
- then = DateTime.MinValue;
+ DateTime ticketExpiry = now.AddMinutes(timeout);
+ DateTime cookieExpiry = createPersistentCookie ? ticketExpiry : DateTime.MinValue;
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket (1,
userName,
now,
- createPersistentCookie?then:now.AddYears (50),
+ ticketExpiry,
createPersistentCookie,
String.Empty,
cookiePath);
- HttpCookie cookie = new HttpCookie (cookieName, Encrypt (ticket), strCookiePath, then);
+ HttpCookie cookie = new HttpCookie (cookieName, Encrypt (ticket), strCookiePath, cookieExpiry);
if (requireSSL)
cookie.Secure = true;
if (!String.IsNullOrEmpty (cookie_domain))
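
Review bot: there is no regression test for the non-persistent path, where `ticketExpiry` replaces `createPersistentCookie?then:now.AddYears (50)` in the ticket constructor; the diffstat shows only FormsAuthentication.cs changed. Since this is the line that decides how long an encrypted ticket stays valid, please add a test that calls GetAuthCookie with createPersistentCookie set to false, decrypts cookie.Value with FormsAuthentication.Decrypt, and asserts that ticket.Expiration equals ticket.IssueDate plus the configured timeout while cookie.Expires remains DateTime.MinValue. A matching assertion for the persistent case (cookie.Expires equal to ticket.Expiration) would cover the second rule in the commit message. A one-line comment on the `cookieExpiry` assignment saying that DateTime.MinValue is what makes the cookie a session cookie would also help the next reader.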