HttpContextAccessor cookies are null when accessing from a callback method

Question

I'm using Stripe as a payment method on my site.

When the user logs in, I stored access and id tokens for the user in httpContextAccessor.HttpContext.Request.Cookies.

This all works fine, I can access the tokens on any page I inject an instance of IHttpContextAccessor.

When the user makes a payment, I have a controller set up for the callback to handle the payment status. I need to access the ids I store in the cookies, but they are null.

My question is, what do I need to do so that I have access to the logged in users cookies in the callback function?

This is how I obtain the cookie information on other pages:

private IHttpContextAccessor _httpContextAccessor;
    public StripeWebHook(IHttpContextAccessor httpContextAccessor)
    {
        _httpContextAccessor = httpContextAccessor;
    }

var id_Token = _httpContextAccessor.HttpContext.Request.Cookies["id_token"];

Answer 1

You don't, they are Request:HttpContext.Request.Cookies cookies. The cookies are saved on the client side (browser) not on the server side and they are being transfered with each request.

The very first question is why would you need the access and id tokens on the callback?

In case you really do for some reason, the following scenario would suffice:

1. User creates the payment which would get the specific payment id
2. Server side saves the payment id (maybe alongside with the id and access token) in a database
3. Once the callback executes, you can retrieve them from the database by the payment id.

Bear in mind, that by the time the callback occurs, the user might have already logged out/revoked/refreshed the access token.