public ActionResult <SessionResponse> Login([FromBody] LoginRequest loginRequest) { Guid personID; using (LoginDuration.WithLabels("Login").NewTimer()) { personID = sessionServices.Login(loginRequest); // Require the user to have a confirmed email before they can log on. if (true) { HttpContext.Session.SetString("personId", personID.ToString()); HttpContext.Session.SetString("emailId", loginRequest.EmailId); } } return(new SessionResponse(HttpContext.Session.Id, personID)); }