Reputation: 877
ServiceStack CredentialsAuthProvider is ignore rememberMe = false
I am using CredentialsAuthProvider with SS v4.0.39, and have been for well over a year. A client has asked what the "remember me" checkbox on the login page does. My understanding was that this determines whether the user's session is persisted across browser tabs.
However, having tested it, when rememberMe = false, the ss-pid cookie is still returned, and if I open other tabs/browser windows, the session is retrieved and user is an "authenticated" user.
Have I mis-understood the behaviour?
Upvotes: 1
Views: 242
Answers (1)
Reputation: 143399
Both of ServiceStack ss-id and ss-pid Session Cookies are always created. The ?RememberMe=true parameter indicates that the Users Session should be stored under the permanent Id ss-pid instead of the default Temporary Session Id ss-id which is how Users Sessions can survive Browser restarts since the ss-pid permanent Cookie isn't reset.
Upvotes: 2
Related Questions
- ServiceStack 6 CredentialsAuthProvider does not return BearerToken
- ArgumentNullException with custom auth provider in ServiceStack
- ServiceStack register error form CustomUserAuth in CredentialsAuthProvider
- ServiceStack UserName should not be empty?
- How to implement "remember me" using ServiceStack authentication
- ServiceStack 4.0.30 - CredentialsAuthProvider - Not Setting 401 Status on Failed Authentication
- Is there a way to disable the 'remember me' feature in ServiceStack?
- Turn off GET Access to ServiceStack Custom Credentials Provider
- ServiceStack CredentialsAuthProvidercheck if authenticated
- ServiceStack: Custom CredentialsAuthProvider