do sessions in memory and also fix glaring security hole

Femto.Common/ICurrentUserContext.cs

@@ -5,4 +5,4 @@ public interface ICurrentUserContext
     CurrentUser? CurrentUser { get; }
 }
 
-public record CurrentUser(Guid Id, string Username, string SessionId, string? RememberMeToken);
+public record CurrentUser(Guid Id, string Username);

Femto.Common/Infrastructure/SaveChangesPipelineBehaviour.cs

@@ -18,7 +18,12 @@ public class SaveChangesPipelineBehaviour<TRequest, TResponse>(
         CancellationToken cancellationToken
     )
     {
+        logger.LogDebug("handling request {Type}", typeof(TRequest).Name);
         var response = await next(cancellationToken);
+        
+        var hasChanges = context.ChangeTracker.HasChanges();
+        logger.LogDebug("request handled. Changes? {HasChanges}", hasChanges);
+        
         if (context.ChangeTracker.HasChanges())
         {
             await context.EmitDomainEvents(logger, publisher, cancellationToken);

Femto.Common/ScopeBinding.cs

@@ -3,19 +3,24 @@ using Microsoft.Extensions.Logging;
 
 namespace Femto.Common;
 
+
 /// <summary>
 /// We use this to bind a scope to the request scope in the composition root
 /// Any scoped services provided by this subcontainer should be accessed via a ScopeBinding injected in the host
 /// </summary>
 /// <param name="scope"></param>
-public class ScopeBinding<T>(IServiceScope scope) : IDisposable
-    where T : notnull
+public class ScopeBinding(IServiceScope scope) : IDisposable
 {
-    public T GetService() {
-        return scope.ServiceProvider.GetRequiredService<T>();
+    private IServiceScope Scope { get; } = scope;
+
+    public T GetService<T>()
+        where T : notnull
+    {
+        return this.Scope.ServiceProvider.GetRequiredService<T>();
     }
 
-    public void Dispose() {
-        scope.Dispose();
+    public virtual void Dispose()
+    {
+        this.Scope.Dispose();
     }
 }