Issues with user session not saving after upgrading to 5.10.0

Hi there,
I’m pulling my hair out trying to figure out why I am seeing this issue. The issue is happening when we upgraded from 5.8.0 to 5.10.0. It most likely has to do with sync/async stuff or some misconfiguration. Here is what I have:

  • User tries to login with correct credentials at email/password at /api/auth/credentials
  • Authenticates successfully but doesn’t insert the session cache_entry table and therefore following request are unauthenticated. Which makes sense because cache_entry is not populated.
  • The logs does series of DELETE FROM “cache_entry” but never UPDATE and/or INSERT
  • I’ve also tried using MemoryCacheClient for ICacheClient. Same thing…the subsequent request are not authenticated.

The issue is same whether I register just the IAuthRepository and IUserAuthRepository or the async versions of it or all four.

Here are screenshots of my configurations and logs when trying to authenticate.

Any pointer or help would be great! Thank you :slight_smile:

Wont be able to tell what the issue is without a repro, but you don’t need to register a MemoryCacheClient which is already registered by default and you should only have a single Auth Repository registration, e.g:

container.Register<IAuthRepository>(c =>
    new OrmLiteAuthRepository(c.Resolve<IDbConnectionFactory>()) {
        UseDistinctRoleTables = true

Which both the AppHost.GetAuthRepository() and AppHost.GetAuthRepositoryAsync() methods use when resolving a IAuthRepository or IAuthRepositoryAsync dependency.

Don’t see how that will help with this issue, but starting with the recommended registrations is a good start.

It may help with debugging if you put a breakpoint on OnSaveSessionAsync to see if it’s getting called:

public override Task OnSaveSessionAsync(IRequest httpReq, IAuthSession session, TimeSpan? expiresIn = null, CancellationToken token=default) 
    return OnSaveSessionAsync(httpReq, session, expiresIn, token);

Are you using a Custom Auth Repository or standard CredentialsAuthProvider?
How is ServiceStack configured to run at /api? as you’re using /api/auth/credentials instead of /auth/credentials. Is this a .NET Core or .NET Framework app?

Following your suggestion, I added a breakpoint. Inside of OnSaveSessionAsync, session.FromToken is true and therefore skips setting the cache(screenshot attached). What does this mean or how would this happen?

I am using standard CredentialsAuthProvider and default AuthUserSession.
Using HandlerFactoryPath = “api”

Are you using JWT? In which case Auth is stateless, i.e. maintained in client cookies/HTTP Headers instead of being saved on the server.

No. This is my ConfigureAuth setup:

ok that’s weird, FromToken should be false then. That’s the reason why it wouldn’t be saved, but if you don’t have any other AuthProviders configured I don’t see how it’s being set to true.

Can you check if your HTTP Header includes the ss-tok cookie? Maybe you reused the same URL with another app that is using a stateless AuthProvider?

Can you clear your cookies just to make sure.

I am using Rider’s http feature. Here are the requests and responses.

Yeah I don’t see how it can be set to FromToken=true, which is only done in JWT or Identity Auth Providers AFAIK.

Can you see if you can try creating a FromToken property in your Custom AuthUserSession to see if we can see where it’s being set:

public class CustomAuthSession : AuthUserSession
    public new bool FromToken
            return base.FromToken;
            base.FromToken = value;

And let me know what it prints out.

Nope, it doesn’t set, no print.

Here’s the content of CustomAuthSession, which is just the above class.

I’m assuming because it’s only shadowed and not overriding a virtual property which I’ve added in this commit.

If you upgrade to latest v6.6.1+ on MyGet you’ll be override it instead of shadowing it, but as you’re upgrading from v5.10 it may not be a drop-in upgrade. Although just upgrading to a newer version may just resolve it.

If you can debug it and find where it’s being set to true that will help identify if it’s still an issue with the latest version, otherwise you can just set it to false in your OnSaveSessionAsync() to get it to save the session or try upgrading to a newer version.

Yes, eventually I want to upgrade this project to the latest version, but there are other dependencies that need to be resolved. I will keep you updated. Thanks for your help! As usual, you were awesome and this is a great project :slight_smile:

1 Like

I think I found where the session.FromToken = true is getting set.

if (userAuth.Meta != null) session.PopulateFromMap(userAuth.Meta);

I do have Meta set for the user and therefore PopulateFromMap is setting the property as true. Screenshots attached.

ok this looks like an old issue fixed in 2020:

FYI first version with this fix is v5.10.4+

Ah! Upgraded to 5.14.0 and it works well! Might as well try going to v6. Any plans on supporting npgsql 7 soon?


Npgsql v7 is planned for release after next (i.e. v6.8).

1 Like

I started migrating to .net 6 and SS v6.2. Everything going smoothly but looks like I have something misconfigured. I’m getting 405 Method Not Found for existing service endpoints that were working under 5.14.0. Screenshots attached. Anything I’m overlooking? When I make a request with .json, the endpoints are available. You can see that in the last screenshot.

Whatever’s generating the URL is invalid, the 2 pre-defined routes for the URL should be either:

If you’re already using /api route for your own purposes you can disable it with:

ConfigurePlugin<PredefinedRoutesFeature>(feature => feature.JsonApiRoute = null);

Great! I updated the cli and client, regenerated the client side dtos. That worked!

Is UI Explorer available for the mvc project? When I navigate to http://localhost:5001/api/ui I get a blank screen and 404 for couple of JS files. One is from :8080?

This looks like you have an old pre-release version, can you clear your NuGet packages cache and download the latest v6.6.1+ on MyGet.