Right it’s working now I cleared the cache. It’s because there was already a perm session id in the cookie, but no matching one in the cache, why would this of caused the weird behaviour. I thought authenticating would of cleared the existing auth headers?
Because I’m using the InMemoryCache obviously the session does not exist when I restart the app but the cookie does. But what happens if you clear the cache down for whatever reason in production.
POST /account/loginsubmit HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: http://localhost:35561/account/login
Accept-Language: en-GB
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Content-Length: 194
Host: localhost:35561
Connection: Keep-Alive
Pragma: no-cache
Cookie: ss-pid=mIkmorMA4B8BYiA3e54M; cb-enabled=accepted; X-UAId=1014; ss-opt=perm; __RequestVerificationToken=qBR23IRlZHLxiaH5DxTXm4xbdu5dl_tJBrM5eIL7DH9I7AStVkkp_hfVNilMwjHImvK4WXX_PKZRF04jwDU0d7qhMoQ1