We are facing a weird issue after upgrading to .NET Core 6 from 3.1 in the production environment.
In the login API call, we are setting the user's claims principal with different parameters like userId, currentClientId, parentClientId, etc.
Initially, currentClientId and parentClientId are set to 0 in the login API. We have used the HttpContext.SignInAsync(principal...) method to set the claims principal.
When the user selects the client from the frontend, the setClient API is called, where we are setting currentClientId and parentClientId to any numeric value. We are refreshing the claims again by calling HttpContext.SignInAsync(principal...) with the updated principal (i.e. with updated values of currentClientId and parentClientId).
After the above API call, an API to check if the user is logged in is called. This API gets the contextUser from Web.Settings.User(HttpContext.User).
We have used 2 ways to get the logged in User details:
- Web.Settings.User(HttpContext.User)
- Web.Settings.User(User)
For some reason, after updating to .NET Core 6, we have started getting contaminated values (i.e. previous values of currentClientId and parentClientId) from Web.Settings.User(HttpContext.User) and Web.Settings.User(User), even though the new values were updated in the setClient API.
This issue does not occur in the development environment at all, only in production.