JWT Tokens and Augmented Sessions

I have a custom credentials provider and custom session object. The credentials OnAuthenticatedAsync is loading some additional information about the session and then calling base, but I’m noticing the session is not persisted on future calls, I’m assuming because the JWT Token is stateless. What is the best route to be able to pull up and populate this custom session info?

Store it in cache manually and retrieve it in the JWT’s PopulateSessionFilter?

I am trying to avoid hitting the db every time there is a JWT auth token session for the same tokens, as the session only needs to be loaded once (a day per recycle whatever).

If you’re going to store custom auth info in the cache then there’s not really any benefit to using stateless JWTs and you should stick to using normal server sessions.

If the additional info is small enough, you can embed it in the JWT itself, see: https://docs.servicestack.net/jwt-authprovider#modifying-the-payload

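The payload approach suggested in the reply, sketched as an added example that is not part of the original thread or ServiceStack's own code: the extra fields are copied into the JWT once when it is issued and read back from the verified token on later requests, so no cache or db lookup is needed. `CustomUserSession`, its `TenantId` and `Department` properties, the `tenant`/`dept` claim names and the `AuthConfig` helper are hypothetical.

```csharp
using ServiceStack;
using ServiceStack.Auth;

// Hypothetical custom session: TenantId and Department stand in for the extra
// data the custom credentials provider loads in OnAuthenticatedAsync.
public class CustomUserSession : AuthUserSession
{
    public string TenantId { get; set; }
    public string Department { get; set; }
}

public static class AuthConfig
{
    // Hypothetical helper, called from AppHost.Configure(): AuthConfig.Register(this);
    public static void Register(ServiceStackHost appHost)
    {
        var appSettings = appHost.AppSettings; // JWT key is read from jwt.AuthKeyBase64
        appHost.Plugins.Add(new AuthFeature(() => new CustomUserSession(),
            new IAuthProvider[] {
                new JwtAuthProvider(appSettings) {
                    // Runs when the token is created, after the session was populated
                    // at authentication: copy the small extra fields into the payload.
                    // The payload is signed but readable by the client unless
                    // EncryptPayload is enabled, so keep secrets out of it.
                    CreatePayloadFilter = (payload, session) => {
                        var custom = (CustomUserSession)session;
                        if (custom.TenantId != null) payload["tenant"] = custom.TenantId;
                        if (custom.Department != null) payload["dept"] = custom.Department;
                    },
                    // Runs on each request authenticated with a JWT: rebuild the
                    // custom session fields from the verified token.
                    PopulateSessionFilter = (session, payload, req) => {
                        var custom = (CustomUserSession)session;
                        custom.TenantId = payload["tenant"];
                        custom.Department = payload["dept"];
                    },
                },
                // Replace with the custom credentials provider from the question.
                new CredentialsAuthProvider(appSettings),
            }));
    }
}
```

Values embedded this way stay fixed until the token expires or is reissued, so changes to the underlying data are not reflected in tokens already handed out.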