The ss-opt value gets set to “perm”, but the session id that gets saved in my cache is shown in the ss-id cookie. The cookie value of ss-pid is a value I cannot find, even when I trace through the code and inspect the value of sessionId all the way through my AuthProvider.
The only change I’ve made to auth recently is to set SameSiteCookies = true in my SetConfig.
This behavior hasn’t been touched in a long time, I doubt any changes are new. The session is already created before OnAuthenticated() is called so switching to perm isn’t going to change the session id it’s saved against. If you want to save against the ss-pid the User should be authenticating with RememberMe=true.
You can try to update the session.Id=req.GetPermanentSessionId() before calling base.OnAuthenticated() so it would save the session against the updated id but you’d need to ensure the Request that changes AddSessionOptions() isn’t short-circuited, i.e. the the Set-Cookie instruction for that response needs to be returned to the client so the client (i.e. Browser) cookies are updated.
that didn’t seem to do the trick, but a StackOverflow solution I found this evening seemed to do it: override OnCreated in my custom AuthUserSession and creating new cookies there…