abp icon indicating copy to clipboard operation
abp copied to clipboard

Published 20 hours ago verified publisher icon abpframework

Session stays valid after purging & recreating database

Open xorinzor opened this issue 2 years ago • 5 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Description

I'm creating a fresh project using the layered app template.

Recently I was signed in, made some changes to my migrations file and decided to delete all tables & re-run the DbMigrator to fill the database from a fresh state.

To my suprise after I started the webserver again and went to the page, I was still signed in. Once I tried to create some data I even got an error where the insert failed because the User ID didn't match a foreign key on the users table. Somehow, it still was using the previous GUID of the admin user. After logging out & logging back in this was resolved.

Reproduction Steps

  1. Create a new project
  2. Run migrations
  3. Start webserver
  4. Login on the website
  5. stop webserver
  6. Delete tables from database
  7. Run migrations
  8. Start webserver
  9. Go back to the website, you will still be logged in.

Expected behavior

The session should have been invalidated

Actual behavior

User is still signed in with the old user information

Regression?

No response

Known Workarounds

No response

Version

6.0.1

User Interface

Common (Default)

Database Provider

EF Core (Default)

Tiered or separate authentication server

None (Default)

Operation System

Linux

Other information

No response

xorinzor avatar Dec 08 '22 13:12 xorinzor

hi

Try to clear the Redis.

maliming avatar Dec 09 '22 00:12 maliming

I don't have Redis running / configured. It's all in my local development environment, just a MSSQL database and this project's code.

xorinzor avatar Dec 09 '22 01:12 xorinzor

Because the cookies of localhost are still valid. So the above problems will occur.

maliming avatar Dec 09 '22 01:12 maliming

How can the cookies of localhost stay valid if there's nothing to validate them against?

And even worse, how can they use the GUID of the old user?

IMO this should never be happening and is definitely a bug.

xorinzor avatar Dec 09 '22 08:12 xorinzor

This is not the scope of the abp framework. The asp net core identity project template is the same.

maliming avatar Dec 09 '22 12:12 maliming

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Feb 18 '23 02:02 stale[bot]