Class SuspiciousSessionSettings
- Namespace
- KadicAuth.Application.Common
- Assembly
- KadicAuth.Application.dll
Configures suspicious session detection (GAP-15). A session is flagged as suspicious when the incoming request's IP address differs from the IP recorded at login time. Mapped from the "SuspiciousSession" section in appsettings.
public sealed class SuspiciousSessionSettings
- Inheritance
- object → SuspiciousSessionSettings
Fields
SectionName
public const string SectionName = "SuspiciousSession"
Field Value
- string
Properties
CheckUserAgent
When true, a change in the User-Agent header (in addition to IP) is also considered suspicious. IP changes are always checked. Default: false — User-Agent can legitimately change (browser updates, OS updates).
public bool CheckUserAgent { get; set; }
Property Value
- bool
RevokeOnDetection
When true, suspicious sessions are revoked and the request is rejected with 401. When false, the mismatch is only logged (warn-only mode). Default: false — start in warn-only so existing sessions are not disrupted on deploy.
public bool RevokeOnDetection { get; set; }
Property Value
- bool
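Example (added here, not part of the KadicAuth code base): a sketch of how the two properties combine into a per-request decision, following the rules stated above. The `SessionDecision`, `LoginSnapshot` and `SuspiciousSessionCheck` names are hypothetical, the settings class is a local stand-in with the documented members, and all sample values are constructed.

```csharp
using System;
using System.Net;
// appsettings.json section this class is mapped from (documented defaults shown):
//   "SuspiciousSession": { "CheckUserAgent": false, "RevokeOnDetection": false }
// Local stand-in with the members documented on this page.
public sealed class SuspiciousSessionSettings
{
    public const string SectionName = "SuspiciousSession";
    public bool CheckUserAgent { get; set; }
    public bool RevokeOnDetection { get; set; }
}

// Hypothetical types: the outcome of the check and what was recorded at login.
public enum SessionDecision { Allow, LogOnly, RevokeAndReject401 }
public sealed record LoginSnapshot(IPAddress Ip, string UserAgent);

public static class SuspiciousSessionCheck
{
    public static SessionDecision Evaluate(
        SuspiciousSessionSettings settings, LoginSnapshot login,
        IPAddress requestIp, string requestUserAgent)
    {
        // IP changes are always checked, whatever the settings say.
        bool ipChanged = !login.Ip.Equals(requestIp);
        // User-Agent changes count only when CheckUserAgent is enabled.
        bool uaChanged = settings.CheckUserAgent &&
            !string.Equals(login.UserAgent, requestUserAgent, StringComparison.Ordinal);
        if (!ipChanged && !uaChanged) return SessionDecision.Allow;
        // Warn-only unless RevokeOnDetection is set.
        return settings.RevokeOnDetection
            ? SessionDecision.RevokeAndReject401 : SessionDecision.LogOnly;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample values (documentation IP ranges, made-up User-Agent strings).
        var login = new LoginSnapshot(IPAddress.Parse("203.0.113.7"), "ExampleBrowser/1.0");
        var defaults = new SuspiciousSessionSettings();
        var strict = new SuspiciousSessionSettings { CheckUserAgent = true, RevokeOnDetection = true };
        var sameIp = IPAddress.Parse("203.0.113.7");
        var otherIp = IPAddress.Parse("198.51.100.9");
        Console.WriteLine(SuspiciousSessionCheck.Evaluate(defaults, login, sameIp, "ExampleBrowser/2.0"));
        Console.WriteLine(SuspiciousSessionCheck.Evaluate(defaults, login, otherIp, "ExampleBrowser/1.0"));
        Console.WriteLine(SuspiciousSessionCheck.Evaluate(strict, login, sameIp, "ExampleBrowser/2.0"));
    }
}
```

With the defaults, a User-Agent change alone is allowed and an IP change is only logged; with both flags set, a User-Agent change alone is enough to revoke the session and reject the request.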