Incorrect UserAuthId on session

Hi,

Running servicestack 6.0.2 and I’m wondering if anyone can explain why we might be getting back an invalid userAuthId on a session.

The code shown in the screenshot below has worked for many years but recently we’ve found one single user’s results in a different user’s userAuthId being presented on the session.

image1032×338 91.1 KB

This screenshot shows the incorrect userAuthId stamped into the db and the actual userAuthId…

Here’s our AuthFeature registration.

image906×328 86.1 KB

And our CustomCredentialsProvider…

image2106×494 184 KB

Hopefully its just something we’re doing wrong…?

Can’t tell what the issue is from here, have a look at the HTTP Headers to see what Session Cookie is sent with the request which you can use to create the session key that the session is saved against:

urn:iauthsession:{sessionId}

If the request is sent with JWT you’ll need to inspect the JWT Bearer Token or ss-tok Cookie to find out their User Id, the new Logging & Profiling Admin UIs added in the last release will be able to show you both.

Thanks @mythz I suspect the issue is with the jwt pre-existing the ‘go-live’ and since users have been reloaded into the db…

Thanks for your time