Change in API behaviour (Missing ASP.NET_SessionId cookie) after Servicestackupgrade

kalyanreddy · July 29, 2018, 12:50pm

We have recently upgraded our API’s (using Forms Authentication) Servicestack version 4.0.40 to latest stable version of Servicestack (V5.1.0). Previously after API authenticated (using user credentials) we use to get required cookies set to use in following API calls. Now having issues in reusing authenticated session as missing “ASP.NET_SessionId” cookie value.

Cookies API use to set after Authentication before upgrade were:
ARRAffinity, ASP.NET_SessionId, ss-id, ss-pid, .ASPXAUTH

After Servicestack upgrade we have below cookies set after authentication:
ss-id, ss-pid, ss-opt, .ASPXAUTH, ARRAffinity

Not sure if it is related but note that we use Autofac for IOC. We had code to use IsntancePerHttpRequest now it is changed to InstancePerDependency as having trouble using Autofac.Extras.ServiceStack after upgrading servicestack.

mythz · July 29, 2018, 8:45pm

ServiceStack does not use ASP.NETs Session or Cokies at all, they’re completely unrelated to ServiceStack’s Session or Cookies. ServiceStack doesn’t know or have any affect with ASP.NETs Cookies as such any change in behaviour is unrelated to upgrading ServiceStack libraries.

kalyanreddy · July 30, 2018, 4:49am

Thanks for response. You are right but somehow after upgrade we are unable to use Autofac same way as before so it could be reason for change in behavior. Below code does not work anymore after servicestack upgrade which was from Autofac.MVC4 package)

this.UseAutofac(afcBuilder.Build());

Error CS0012 The type ‘ServiceStackHost’ is defined in an assembly that is not referenced. You must add a reference to assembly ‘ServiceStack, Version=4.0.48.0, Culture=neutral, PublicKeyToken=null’.

mythz · July 30, 2018, 4:58am

One of your dependencies has a dependency to an old v4.0.48 of ServiceStack. You can’t mix and match ServiceStack .dlls from different versions so you would need to re-compile whichever assembly has the old binary ServiceStack reference to use the version of ServiceStack you’re using.

Autofac wouldn’t have a dependency to ServiceStack, it would be one of your dependencies that is registered with Autofac. You can either use an Assembly inspector like JetBrains dotpeek and inspect the .dll references of each dll reference in your project or comment out registrations until you find the one with the dependency.

kalyanreddy · July 30, 2018, 11:42pm

Thanks mythz, it was due to one of external package (Autofac.Extras.Servicestack) which had reference to old servicestack version. This was used for Autofac implementation as have issues using InstancePerLifetimeScope for API’s.