I am changing an unauthentciated users password via a 'token' email link and want the user to be logged in after, I am pretty sure my code used to work, but now IsAuthenticated is true...and then false (latest version)...
public async Task<ActionResult> ChangePassword(string usr, string code)
if (usr == null || code == null)
var userUtil = UserUtil.InstantiateByEmail(usr);
// does a token-based password update if code matches
var model = await userUtil.ResetPasswordAfterCheckCodeAsync(code);
if (model != null)
using (var authService = HostContext.ResolveService<AuthenticateService>())
var response = authService.Post(new Authenticate
provider = AuthenticateService.CredentialsProvider,
UserName = model.Email,
Password = model.Password,
RememberMe = model.RememberMe
// (session.IsAuthenticated = true)
var session = (CustomUserSession)authService.GetSession(false);
SaveSession(session); // Doesn't help the issue below
Response.Cookies.Add(UserUtil.CreateFormsCookie(model.Email, model.RememberMe, session));
// For both session1/session2 .IsAuthenticated is now false
var session1 = (CustomUserSession)GetSession(false);
var session2 = (CustomUserSession)GetSession(true);
if (IsAuthenticated) // = false
return Redirect("account/password"); //Redirect to change to their own password
Note that if I FLUSHALL in redis and run repeatedly I can see the session has isAuthenticated true so guessing issue with http context somehow.
Ok close this...elsewhere I had the rememberMe = false
Now I kind of know what that is for, I'll just set it true always!
Having said that it was always false before and used to work, ideally would like to know what changed.
Does it mean anything other than 'send cookie to client'?
RememberMe says whether to save the Users Session against the temporary
ss-id or the permanent