SessionAuthenticationModule.SessionSecurityTokenCreated Event


Occurs when a session security token has been created.

 event EventHandler<System::IdentityModel::Services::SessionSecurityTokenCreatedEventArgs ^> ^ SessionSecurityTokenCreated;
public event EventHandler<System.IdentityModel.Services.SessionSecurityTokenCreatedEventArgs> SessionSecurityTokenCreated;
member this.SessionSecurityTokenCreated : EventHandler<System.IdentityModel.Services.SessionSecurityTokenCreatedEventArgs> 
Public Custom Event SessionSecurityTokenCreated As EventHandler(Of SessionSecurityTokenCreatedEventArgs) 
Public Event SessionSecurityTokenCreated As EventHandler(Of SessionSecurityTokenCreatedEventArgs) 

Event Type



The following code shows a handler for the SessionSecurityTokenCreated event implemented in the global.asax.cs file of an ASP.NET web application. You must also add the handler to the event. A more complete example is shown in the SessionAuthenticationModule overview topic.

void SessionAuthenticationModule_SessionSecurityTokenCreated(object sender, SessionSecurityTokenCreatedEventArgs e)
    System.Diagnostics.Trace.WriteLine("Handling SessionSecurityTokenCreated event");
    //Store session on the server-side token cache instead writing the whole token to the cookie.
    //It may improve throughput but introduces server affinity that may affect scalability
    FederatedAuthentication.SessionAuthenticationModule.IsReferenceMode = true;


You can use this event to modify the session security token before it is written to a cookie.

The SessionSecurityTokenCreated event is raised from within the OnAuthenticateRequest method after a session token (SessionSecurityToken) has been created. This happens, for example, if an event handler for the SessionSecurityTokenReceived event modifies the token.

You can use this event to modify properties of the session token before it is passed further along the pipeline and is used to authenticate the entity making the request (user).

In an event handler, you can access the token through the SessionSecurityTokenCreatedEventArgs.SessionToken property. After modifying the token, you can ensure that it is written back to the cookie by setting the SessionSecurityTokenCreatedEventArgs.WriteSessionCookie property to true. Unlike, the SessionSecurityTokenCreated event, SessionSecurityTokenCreated is not a cancelable event.

Applies to