
Users appear to be logged in as another user

I'm using Flask-Security to manage users, and I'm getting reports that users are logged in successfully as themselves, but randomly when they load a page, it will show them logged in as someone completely different. I'm not sure where I'm going wrong. What are possible ways this could happen?

I use a UserService to do some simple user management. I instantiate a user service before every request and pass in current_user.


    @app.before_request
    def load_request_services():
        g.user_service = UserService(user_datastore, application_service, email_service, ORGS, current_user)

Then, I get the current user in UserService from this method:


    def current_user_get_info(self):
        return {
            'user': self.current_user.email,
            'first_name': self.current_user.first_name,
            'last_name': self.current_user.last_name,
            'phone_number': self.current_user.phone_number,
        }

This is called when this API request code is executed:

    class CurrentUser(restful.Resource):
        def get(self):
            return json_response(g.user_service.current_user_get_info())

vik asked Oct 31 '14 05:10

1 Answer

I found the issue and am posting here for others who might have the same issue.

It turns out that the users who were accessing my site were behind a VPN with a proxy. The proxy was caching the pages along with the user's cookies. When one user makes a request, the proxy would cache the page along with that user's cookie in the header. On the next user's request, the proxy would serve back the page with the first user's cookie, and thus the second user would find himself logged in as someone else.

See here for more info: https://code.google.com/p/doctype-mirror/wiki/ArticleHttpCaching

I solved it by setting the cache-control HTTP header to 'private' so that the proxy will not try to cache it. In Flask, it looks like this:

    @app.after_request
    def add_header(response):
        response.cache_control.private = True
        response.cache_control.public = False
        return response

vik answered Oct 29 '22 05:10
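
The failure described in the answer above can be reproduced offline with a small model of a shared caching proxy. This is an added example, not code from the original post; the `SharedProxy` class, the origin function, the `/dashboard` URL and the user names are all constructed for illustration.

```python
# Constructed, stdlib-only model of a shared proxy that caches whole responses.

def parse_cache_control(value):
    """Return the set of lower-cased Cache-Control directive names."""
    return {part.split("=", 1)[0].strip().lower()
            for part in value.split(",") if part.strip()}

def shared_cache_may_store(headers):
    """Simplified storage rule: a shared cache must not store a response
    marked private or no-store. Anything else is treated as storable,
    which models the aggressive proxy described in the answer."""
    directives = parse_cache_control(headers.get("Cache-Control", ""))
    return not ({"private", "no-store"} & directives)

class SharedProxy:
    """Caches responses, headers included, keyed by URL only."""
    def __init__(self, origin):
        self.origin = origin
        self.store = {}

    def get(self, url, user):
        if url in self.store:
            return self.store[url]      # replayed to whoever asks next
        response = self.origin(url, user)
        if shared_cache_may_store(response["headers"]):
            self.store[url] = response
        return response

def make_origin(private):
    """Hypothetical origin that sets a per-user session cookie on each page."""
    def origin(url, user):
        headers = {"Set-Cookie": f"session={user}-token"}
        if private:
            headers["Cache-Control"] = "private"
        return {"headers": headers, "body": f"Logged in as {user}"}
    return origin

def who_does_second_user_see(private):
    """alice loads the page first, then bob loads the same URL via the proxy."""
    proxy = SharedProxy(make_origin(private))
    proxy.get("/dashboard", "alice")
    return proxy.get("/dashboard", "bob")["body"]

if __name__ == "__main__":
    print("without private:", who_does_second_user_see(False))
    print("with private:   ", who_does_second_user_see(True))
```

`private` still allows each user's own browser to cache the page; `no-store` is the directive for responses that should not be cached anywhere.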