From c908d15677b644e13389b155d69a20a8ea3dc174 Mon Sep 17 00:00:00 2001
From: khalidabuhakmeh
Date: Wed, 4 Jun 2025 08:34:49 -0400
Subject: [PATCH] Add null-check for client before coordinating session lifecycle

Ensure that the client object is not null before attempting to determine its session coordination behavior.
---
 .../DefaultSessionCoordinationService.cs | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/identity-server/src/IdentityServer/Services/Default/DefaultSessionCoordinationService.cs b/identity-server/src/IdentityServer/Services/Default/DefaultSessionCoordinationService.cs
index 99664fb1d..ead7c7253 100644
--- a/identity-server/src/IdentityServer/Services/Default/DefaultSessionCoordinationService.cs
+++ b/identity-server/src/IdentityServer/Services/Default/DefaultSessionCoordinationService.cs
@@ -137,14 +137,17 @@ public class DefaultSessionCoordinationService : ISessionCoordinationService
 {
 var client = await ClientStore.FindClientByIdAsync(clientId); // i don't think we care if it's an enabled client at this point
- var shouldCoordinate =
- client.CoordinateLifetimeWithUserSession == true ||
- (Options.Authentication.CoordinateClientLifetimesWithUserSession && client.CoordinateLifetimeWithUserSession != false);
-
- if (shouldCoordinate)
+ if (client != null)
 {
- // this implies they should also be contacted for backchannel logout below
- clientsToCoordinate.Add(clientId);
+ var shouldCoordinate =
+ client.CoordinateLifetimeWithUserSession == true ||
+ (Options.Authentication.CoordinateClientLifetimesWithUserSession && client.CoordinateLifetimeWithUserSession != false);
+
+ if (shouldCoordinate)
+ {
+ // this implies they should also be contacted for backchannel logout below
+ clientsToCoordinate.Add(clientId);
+ }
 }
 }
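Review bot: When `FindClientByIdAsync` returns null, the new `if (client != null)` guard skips the client silently, so a session that still references a removed or misconfigured clientId drops out of `clientsToCoordinate` with no trace. Going by the comment in the hunk, that list appears to drive the cleanup and back-channel logout further down, so an operator cannot tell from the logs that a client was left uncoordinated when the session ended. I would handle the null case explicitly and record the id, e.g. `if (client == null) { /* log clientId: not found, skipped */ continue; }`, which also removes one nesting level. It is also worth deciding whether an unknown client should still be coordinated when the global `CoordinateClientLifetimesWithUserSession` option is on. The enclosing loop and method start and end outside the hunk.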