You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
According to my research this re-reads the claims from the cookie and updates the cookie and in our case sets a new cookie on the current user which does not make sense since the API uses JWT and does not make sense when updating a user different from the one currently logged in as you'll receive a cookie with the claims of the updated user (presumably).
To Reproduce
Update a user using PUT /users/
Check the response headers.
Expected behavior
No cookie should be set.
The text was updated successfully, but these errors were encountered:
doucsag
changed the title
[BUG]
[BUG] Updating a User sets a Cookie
Oct 23, 2023
Description
When updating a user, RefreshSignInAsync is called: https://github.com/fullstackhero/dotnet-webapi-boilerplate/blob/60de9b802d799ea3b4b3b35d4c5b62e32d98d410/src/Infrastructure/Identity/UserService.CreateUpdate.cs#L177
According to my research this re-reads the claims from the cookie and updates the cookie and in our case sets a new cookie on the current user which does not make sense since the API uses JWT and does not make sense when updating a user different from the one currently logged in as you'll receive a cookie with the claims of the updated user (presumably).
To Reproduce
Update a user using PUT /users/
Check the response headers.
Expected behavior
No cookie should be set.
The text was updated successfully, but these errors were encountered: