We are facing a weird issue after upgrading to .NET Core 6 from 3.1 in the production environment.

In the login API call, we are setting the user's claim principal with different parameters like userId, currentClientId, parentClientId, etc.

Initially, currentClientId and parentClientId are set to 0 in the login API. We have used the HttpContext.SignInAsync(principal...) method to set the claims principal.

When the user selects the client from the frontend, the setClient API is called, where we are setting the currentClientId and parentClientId to any numeric value. We are refreshing the claims again by calling HttpContext.SignInAsync(principal...) with the updated principal (i.e. with updated values of currentClientId and parentClientId).

After the above API call, an API to check if the user is logged in is called. This API gets the contextUser from Web.Settings.User(HttpContext.User);

We have used 2 ways to get the logged in User details:

  1. Web.Settings.User(HttpContext.User)
  2. Web.Settings.User(User)

For some reason, after updating to .NET Core 6, we have started getting contaminated values (i.e. previous values of currentClientId and parentClientId) from Web.Settings.User(HttpContext.User) and Web.Settings.User(User), even though the new values were updated in the setClient API.

This issue is not occurring in the development environment at all, only in production.

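The flow described in the question, as an added minimal sketch (not the poster's code): the route names, the hard-coded user id and the minimal-API style are assumptions. It shows which principal each request sees: SignInAsync writes a new cookie to the response, while HttpContext.User is built from the cookie that arrived with the request.

```csharp
// Added sketch for an ASP.NET Core 6 web project; not the poster's code.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;

const string Scheme = CookieAuthenticationDefaults.AuthenticationScheme;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthentication(Scheme).AddCookie();
builder.Services.AddAuthorization();
var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Builds a principal carrying the three claims named in the question.
static ClaimsPrincipal BuildPrincipal(string userId, int currentClientId, int parentClientId)
{
    var identity = new ClaimsIdentity(new[]
    {
        new Claim("userId", userId),
        new Claim("currentClientId", currentClientId.ToString()),
        new Claim("parentClientId", parentClientId.ToString()),
    }, Scheme);
    return new ClaimsPrincipal(identity);
}

// Login: both client ids start at 0. The user id "42" is a constructed value.
app.MapPost("/login", async (HttpContext ctx) =>
{
    await ctx.SignInAsync(Scheme, BuildPrincipal("42", 0, 0));
    return Results.Ok();
});

// setClient: re-issue the cookie with the selected client ids (bound from the query string).
app.MapPost("/setClient", async (HttpContext ctx, int currentClientId, int parentClientId) =>
{
    var userId = ctx.User.FindFirst("userId")!.Value;
    await ctx.SignInAsync(Scheme, BuildPrincipal(userId, currentClientId, parentClientId));
    // ctx.User is not replaced by SignInAsync: within this request it still
    // carries the claims from the cookie the browser sent.
    return Results.Ok(new { claimSeenInThisRequest = ctx.User.FindFirst("currentClientId")?.Value });
}).RequireAuthorization();

// isLoggedIn: reports the claims taken from whichever cookie this request presented.
app.MapGet("/isLoggedIn", (HttpContext ctx) => Results.Ok(new
{
    currentClientId = ctx.User.FindFirst("currentClientId")?.Value,
    parentClientId = ctx.User.FindFirst("parentClientId")?.Value,
})).RequireAuthorization();

app.Run();
```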