Bruno Lopes - 328 - Jan 22, 2014

I was trying to persist some custom data on a subclass on AuthUserSession (in particular the reference to the current user id for our custom User object), but found that apparently the session instance is stored in cache before the OnAuthenticated method is called.

From what I could see from the docs (here:–sessions—the-icacheclient ), that’s the method where I’m supposed to store the data on the session fields.

I’ve worked around it by calling " authService.SaveSession(this, SessionFeature.DefaultSessionExpiry); " after doing all changes, but it looks a bit odd. 

Another option might be to implement our own IUserAuthRepository which would return our user directly, but even then I think I might want to extend the session with other data.

What am I missing? Is there any way to signal that the user session needs to be re-cached?


Not sure what you mean by looks odd? If you change the model that’s retrieved from the Session, it needs to be persisted in order for the changes to be available in the next time the session is retrieved.

Bruno Lopes:

I apologize for not being clearer.

I mention that it looks odd because I expected the save to be after calling “OnAuthenticated”, since once of the scenarios for a custom UserSession is to have extra fields.
Also, I believe that the expiry is “owned” by the AuthProvider, which made me think that I was not going the right way about it when I went for the default expiry.

If the call to “authService.SaveSession(session, SessionExpiry);” were to happen after “session.OnAuthenticated(authService, session, tokens, authInfo);”, then any changes to the session made during OnAuthenticated would
be persisted, instead of my current solution of calling “authService.SaveSession(this, SessionFeature.DefaultSessionExpiry);” inside OnAuthenticated. Also, this means that the session is persisted twice to cache.

I’ve put the code up at if it helps in understanding my question.


The Session is saved in a cache, you don’t need to provide a default expiry as it should just use the default SessionExpiry in AuthFeature or SessionFeature (2 weeks).
I’ve changed it to save the session after the call to OnAuthenticated() in this commit: which I agree is likely to be the expected behavior that any changes to the session would be automatically persisted.

All the tests pass so it should be safe, though it does mean if you make use of a provider within OnAuthenticated() that tries to access the session they’ll get the old one, not the new one - but that should hopefully be rare.
I’ve just started deploying the latest release to MyGet should be finished in 15 minutes. Instructions for using the pre-release packages on MyGet are at:

Bruno Lopes:

About the expire, right, sorry. I didn’t see it was optional.

Thanks for the change and help.