Incorrect UserAuthId on session


Running servicestack 6.0.2 and I’m wondering if anyone can explain why we might be getting back an invalid userAuthId on a session.

The code shown in the screenshot below has worked for many years but recently we’ve found one single user’s results in a different user’s userAuthId being presented on the session.

This screenshot shows the incorrect userAuthId stamped into the db and the actual userAuthId…


Here’s our AuthFeature registration.

And our CustomCredentialsProvider…

Hopefully its just something we’re doing wrong…?

Can’t tell what the issue is from here, have a look at the HTTP Headers to see what Session Cookie is sent with the request which you can use to create the session key that the session is saved against:


If the request is sent with JWT you’ll need to inspect the JWT Bearer Token or ss-tok Cookie to find out their User Id, the new Logging & Profiling Admin UIs added in the last release will be able to show you both.

Thanks @mythz I suspect the issue is with the jwt pre-existing the ‘go-live’ and since users have been reloaded into the db…

Thanks for your time

1 Like