Issues with user session not saving after upgrading to 5.10.0

kebin · March 3, 2023, 12:17am

Hi there,
I’m pulling my hair out trying to figure out why I am seeing this issue. The issue is happening when we upgraded from 5.8.0 to 5.10.0. It most likely has to do with sync/async stuff or some misconfiguration. Here is what I have:

User tries to login with correct credentials at email/password at /api/auth/credentials
Authenticates successfully but doesn’t insert the session cache_entry table and therefore following request are unauthenticated. Which makes sense because cache_entry is not populated.
The logs does series of DELETE FROM “cache_entry” but never UPDATE and/or INSERT
I’ve also tried using MemoryCacheClient for ICacheClient. Same thing…the subsequent request are not authenticated.

The issue is same whether I register just the IAuthRepository and IUserAuthRepository or the async versions of it or all four.

Here are screenshots of my configurations and logs when trying to authenticate.

Any pointer or help would be great! Thank you

mythz · March 3, 2023, 12:33am

Wont be able to tell what the issue is without a repro, but you don’t need to register a MemoryCacheClient which is already registered by default and you should only have a single Auth Repository registration, e.g:

container.Register<IAuthRepository>(c =>
    new OrmLiteAuthRepository(c.Resolve<IDbConnectionFactory>()) {
        UseDistinctRoleTables = true
    });

Which both the AppHost.GetAuthRepository() and AppHost.GetAuthRepositoryAsync() methods use when resolving a IAuthRepository or IAuthRepositoryAsync dependency.

Don’t see how that will help with this issue, but starting with the recommended registrations is a good start.

It may help with debugging if you put a breakpoint on OnSaveSessionAsync to see if it’s getting called:

public override Task OnSaveSessionAsync(IRequest httpReq, IAuthSession session, TimeSpan? expiresIn = null, CancellationToken token=default) 
{
    return OnSaveSessionAsync(httpReq, session, expiresIn, token);
}

Are you using a Custom Auth Repository or standard CredentialsAuthProvider?
How is ServiceStack configured to run at /api? as you’re using /api/auth/credentials instead of /auth/credentials. Is this a .NET Core or .NET Framework app?

kebin · March 3, 2023, 1:00am

Following your suggestion, I added a breakpoint. Inside of OnSaveSessionAsync, session.FromToken is true and therefore skips setting the cache(screenshot attached). What does this mean or how would this happen?

I am using standard CredentialsAuthProvider and default AuthUserSession.
Using HandlerFactoryPath = “api”
netcoreapp3.1

mythz · March 3, 2023, 1:11am

Are you using JWT? In which case Auth is stateless, i.e. maintained in client cookies/HTTP Headers instead of being saved on the server.

kebin · March 3, 2023, 1:11am

No. This is my ConfigureAuth setup:

mythz · March 3, 2023, 1:16am

ok that’s weird, FromToken should be false then. That’s the reason why it wouldn’t be saved, but if you don’t have any other AuthProviders configured I don’t see how it’s being set to true.

Can you check if your HTTP Header includes the ss-tok cookie? Maybe you reused the same URL with another app that is using a stateless AuthProvider?

Can you clear your cookies just to make sure.

kebin · March 3, 2023, 1:20am

I am using Rider’s http feature. Here are the requests and responses.

mythz · March 3, 2023, 1:37am

Yeah I don’t see how it can be set to FromToken=true, which is only done in JWT or Identity Auth Providers AFAIK.

Can you see if you can try creating a FromToken property in your Custom AuthUserSession to see if we can see where it’s being set:

public class CustomAuthSession : AuthUserSession
{
    public new bool FromToken
    {
        get
        {
            return base.FromToken;
        }
        set
        {
            Console.WriteLine($"FromToken={value}");
            Console.WriteLine(Environment.StackTrace);
            base.FromToken = value;
        }
    }
}

And let me know what it prints out.

kebin · March 3, 2023, 1:43am

Nope, it doesn’t set, no print.

kebin · March 3, 2023, 1:47am

Here’s the content of CustomAuthSession, which is just the above class.

mythz · March 3, 2023, 1:52am

I’m assuming because it’s only shadowed and not overriding a virtual property which I’ve added in this commit.

If you upgrade to latest v6.6.1+ on MyGet you’ll be override it instead of shadowing it, but as you’re upgrading from v5.10 it may not be a drop-in upgrade. Although just upgrading to a newer version may just resolve it.

If you can debug it and find where it’s being set to true that will help identify if it’s still an issue with the latest version, otherwise you can just set it to false in your OnSaveSessionAsync() to get it to save the session or try upgrading to a newer version.

kebin · March 3, 2023, 1:58am

Yes, eventually I want to upgrade this project to the latest version, but there are other dependencies that need to be resolved. I will keep you updated. Thanks for your help! As usual, you were awesome and this is a great project

kebin · March 3, 2023, 3:51am

I think I found where the session.FromToken = true is getting set.

if (userAuth.Meta != null) session.PopulateFromMap(userAuth.Meta);

I do have Meta set for the user and therefore PopulateFromMap is setting the property as true. Screenshots attached.

mythz · March 3, 2023, 4:52am

ok this looks like an old issue fixed in 2020:

FYI first version with this fix is v5.10.4+

kebin · March 3, 2023, 5:27pm

Ah! Upgraded to 5.14.0 and it works well! Might as well try going to v6. Any plans on supporting npgsql 7 soon?

Thanks!

mythz · March 3, 2023, 5:34pm

Npgsql v7 is planned for release after next (i.e. v6.8).

kebin · March 7, 2023, 3:23pm

I started migrating to .net 6 and SS v6.2. Everything going smoothly but looks like I have something misconfigured. I’m getting 405 Method Not Found for existing service endpoints that were working under 5.14.0. Screenshots attached. Anything I’m overlooking? When I make a request with .json, the endpoints are available. You can see that in the last screenshot.

mythz · March 7, 2023, 3:50pm

Whatever’s generating the URL is invalid, the 2 pre-defined routes for the URL should be either:

/json/reply/GetUserMetadata
/api/GetUserMetadata - using the new JSON /api pre-defined route

If you’re already using /api route for your own purposes you can disable it with:

ConfigurePlugin<PredefinedRoutesFeature>(feature => feature.JsonApiRoute = null);

kebin · March 7, 2023, 4:25pm

Great! I updated the cli and client, regenerated the client side dtos. That worked!

Is UI Explorer available for the mvc project? When I navigate to http://localhost:5001/api/ui I get a blank screen and 404 for couple of JS files. One is from :8080?

mythz · March 7, 2023, 4:28pm

This looks like you have an old pre-release version, can you clear your NuGet packages cache and download the latest v6.6.1+ on MyGet.