dotnet-starter-kit icon indicating copy to clipboard operation
dotnet-starter-kit copied to clipboard
verified publisher icon fullstackhero

[BUG] Updating a User sets a Cookie

Open doucsag opened this issue 2 years ago • 0 comments

Description

When updating a user, RefreshSignInAsync is called: https://github.com/fullstackhero/dotnet-webapi-boilerplate/blob/60de9b802d799ea3b4b3b35d4c5b62e32d98d410/src/Infrastructure/Identity/UserService.CreateUpdate.cs#L177

According to my research this re-reads the claims from the cookie and updates the cookie and in our case sets a new cookie on the current user which does not make sense since the API uses JWT and does not make sense when updating a user different from the one currently logged in as you'll receive a cookie with the claims of the updated user (presumably).

To Reproduce Update a user using PUT /users/ Check the response headers.

Expected behavior No cookie should be set.

doucsag avatar Oct 23 '23 09:10 doucsag