ASP .NET Session Auth
Hey guys,
I do currently have an ASP WebAPI using Cookie Auth with
This is not using sessions right? Since I can copy the cookie value, then call the logout endpoint which calls SignOutAsync, add the cookie again and still be authenticated.
But I want to use sessions, how can i make it that the frontend gets one cookie which stores the sessionId and is then authenticated with that sessionId?
I have read about .AddSession but I am confused, do I still need .AddAuthentication(...).AddCookie then? I didn't find anything related to auth with a session cookie, just ressources about either cookie auth or just sessions.
I do not want to use Identity since the User table already exists and my frontend is a separate react app.
0 Replies