Production Grade Cloud-Ready .NET 8 Starter Kit (Web API + Blazor Client) with Multitenancy Support, and Clean/Modular Architecture that saves roughly 200+ Development Hours! All Batteries Included.
Description
When updating a user, RefreshSignInAsync is called: https://github.com/fullstackhero/dotnet-webapi-boilerplate/blob/60de9b802d799ea3b4b3b35d4c5b62e32d98d410/src/Infrastructure/Identity/UserService.CreateUpdate.cs#L177
According to my research, this re-reads the claims from the cookie and updates the cookie, and in our case sets a new cookie on the current user, which does not make sense since the API uses JWT, and does not make sense when updating a user different from the one currently logged in, as you'll receive a cookie with the claims of the updated user (presumably).
To Reproduce
Update a user using PUT /users/
Check the response headers.
Expected behavior
No cookie should be set.
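
The "check the response headers" step can be automated as a regression check; the following is an added example, not part of the original issue or the project's code. The captured exchanges, the cookie name and the placeholder token are constructed sample values, and the function names are hypothetical.

```python
import io
import http.client


def parse_set_cookies(raw_response: bytes) -> list:
    """Return one dict per Set-Cookie header found in a raw HTTP/1.1 response head."""
    fp = io.BytesIO(raw_response)
    fp.readline()  # skip the status line, parse_headers expects header lines only
    headers = http.client.parse_headers(fp)
    found = []
    for value in headers.get_all("Set-Cookie") or []:
        pair, *attrs = [part.strip() for part in value.split(";")]
        name = pair.partition("=")[0]
        flags = {attr.partition("=")[0].lower() for attr in attrs}
        found.append({
            "name": name,
            "httponly": "httponly" in flags,
            "secure": "secure" in flags,
        })
    return found


def audit(exchanges) -> list:
    """Flag responses that set a cookie although the request used a bearer token."""
    findings = []
    for method, path, authorization, raw_response in exchanges:
        if not authorization.lower().startswith("bearer "):
            continue  # cookie-based callers are out of scope for this check
        for cookie in parse_set_cookies(raw_response):
            findings.append((method, path, cookie["name"]))
    return findings


# Constructed sample capture: a user update that returns a cookie, and a read that does not.
SAMPLE_EXCHANGES = [
    ("PUT", "/users/", "Bearer <jwt-placeholder>",
     b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n"
     b"Set-Cookie: .AspNetCore.Identity.Application=CONSTRUCTED; path=/; samesite=lax; httponly\r\n"
     b"\r\n"),
    ("GET", "/users/", "Bearer <jwt-placeholder>",
     b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n"),
]

if __name__ == "__main__":
    for method, path, name in audit(SAMPLE_EXCHANGES):
        print(f"{method} {path} set cookie {name!r} on a bearer-authenticated call")
```

An empty result from `audit` corresponds to the expected behavior stated in the issue.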