Custom session not saving to cache

I’m trying to use a custom session that has some additional props on it that we need. I have a custom user repository since we’re storing the user data in our own table instead of the UserAuth table and a custom user session to contain the additional data we need. The authentication request is going through with no issues but the session is not saving to the cache - if I examine base.GetSession(): in a ServiceInterface method it’s empty with the exception of the sessionId and the createdDate.

I think the issue is I’m not populating the data in the appropriate hook and not saving the session in the appropriate hook but I’m not sure where I should be doing both of those.

I have a gist up at https://gist.github.com/ultimatemonty/12a46ae3595e2729b4ac that shows the existing code. Thanks in advance! I love building APIs with SS - so easy to reason about!

Firstly since the AuthUserSession DTO is a DataContract you’ll also want to annotate each property with [DataMember], e.g:

[DataContract]
public class CustomAuthUserSession : AuthUserSession
{
    [DataMember]
    public bool SubscriptionValid { get; set; }
}

Other than that OnAuthenticated() should save the session but since you’re passing in the wrong Session instance your customSession wont get saved, so you should change your call from:

var response = OnAuthenticated(authService, session, null, null);

to:

var response = OnAuthenticated(authService, customSession, null, null);

Awesome those two things did the trick! Makes perfect sense now that I take a step back - could’t see the forest for the trees!

@mythz is there anything additional required to get the [Authenticate] attribute functioning when using custom sessions?

I’m using Postman to send requests with the x-ss-id header and keep getting 401 responses. Inspected the session returned by this.GetSession() in the service method and it has the correct sessionId but IsAuthenticated is false.

The correct headers should be X-ss-id by default or X-ss-pid if you’ve authenticated with ?RememberMe=true.

Also note there’s special support for send authenticated requests with Postman which can be enabled with:

Plugins.Add(new PostmanFeature { 
    EnableSessionExport = true
});

Where you can go to /postman?exportSession=true in an authenticated browser and it will redirect you to a url populated with your session ids that you can paste into postman so it populates cookies on future postman requests allowing you to make authenticated requests with Postman.

Thanks!

I’m not sure how the Postman plugin would help me with the authentication issue?

My process right now is to send an request to /auth/credentials that then gives me back a sessionId. I then add that sessionId to the headers of the service I’m testing using the X-ss-id header. I’m still getting the 401 after generating the new session and adding that sessionId to the request.

You said earlier you’re trying to authenticate with Postman? The /postman?exportSession=true feature redirects to a url that you can request from postman to import the authenticated users session which will be add the session cookies to subsequent postman requests - allowing you to make authenticated requests with Postman.

The X-ss-id sessionId is used when ?RememberMe=false, you can try sending X-ss-pid header instead which is required if authentication was made with ?RememberMe=true. If it’s still doesn’t authenticate please provide the full HTTP Request/Response Headers of the Authentication request (i.e. /auth/credentials) and the Postman request that includes the HTTP Header.