[BUG] Updating a User sets a Cookie
doucsag opened this issue · comments
Description
When updating a user, RefreshSignInAsync is called: https://github.com/fullstackhero/dotnet-webapi-boilerplate/blob/60de9b802d799ea3b4b3b35d4c5b62e32d98d410/src/Infrastructure/Identity/UserService.CreateUpdate.cs#L177
According to my research this re-reads the claims from the cookie and updates the cookie and in our case sets a new cookie on the current user which does not make sense since the API uses JWT and does not make sense when updating a user different from the one currently logged in as you'll receive a cookie with the claims of the updated user (presumably).
To Reproduce
Update a user using PUT /users/
Check the response headers.
Expected behavior
No cookie should be set.