Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

When running inside a container, need to maintain session between restarts #343

Closed
csharpfritz opened this issue Nov 30, 2023 · 2 comments · Fixed by #344
Closed

When running inside a container, need to maintain session between restarts #343

csharpfritz opened this issue Nov 30, 2023 · 2 comments · Fixed by #344
Labels
bug Something isn't working help wanted Extra attention is needed
Milestone
Milestone 5

Comments

@csharpfritz
Copy link
Contributor

No description provided.

@csharpfritz csharpfritz added bug Something isn't working help wanted Extra attention is needed labels Nov 30, 2023
@csharpfritz csharpfritz added this to the Milestone 5 milestone Nov 30, 2023
@johanbenschop
Copy link
Contributor

The theory I have, as discussed on stream, is that the default cookie provider that holds the auth state is encrypted. This key is generated at startup, and a subsequent restart creates a brand new key that cannot decrypt cookies encrypted with the old key. Thus, the state gets invalidated, and users must log in again. Point 4 on this docs page confirms this.

The solution would be to configure Data Protection to persist the key to blob storage or key vault.

See https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview?view=aspnetcore-8.0 for more details.

@csharpfritz
Copy link
Contributor Author

I think we would want to implement PersistKeysToDbContext and attach to the application security db context.

https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview?view=aspnetcore-8.0#persistkeystodbcontext

@csharpfritz csharpfritz mentioned this issue Dec 7, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working help wanted Extra attention is needed
Projects
None yet
Milestone
Milestone 5
Development

Successfully merging a pull request may close this issue.

Introduced call to AddDataProtection and store keys in SecurityContext csharpfritz/TagzApp
2 participants
@csharpfritz @johanbenschop