Randomly Logged in as a Different User

bguengerbguenger
in Bug Reports
Hello,

I've noticed this bug a few different times myself and I've had a few of my lab users report it as well.

Every once in a while (usually in Chrome browser), I'll go to my Repetier Server tab and instead of being logged into my admin account, I'll be logged in as a random different user. I'm the only person who uses my PC and I always log into my same admin account, so it seems like the system is just randomly sending me over to a different account.

I manage a university makerspace, so we have hundreds of users with unique accounts. I get the sense that most people use Repetier Server for smaller scale operations, but maybe I'm wrong. Could the scale of our implementation have anything to do with this error?

It's not really an issue if I get logged in as another user, but I don't want a user to randomly get logged in as an admin.

Any thoughts about why this might be happening?

Thanks!
Ben

Comments

  • RepetierRepetier
    Are other users using same pc and has it personal accounts or are acounts shared?
    If you check to remember login it sets a data package in local storage making you get the last user credentials having done so. When you cleanly do log out this gets cleared. Just closing tab makes it auto login again on opening the url. But from description it sounds like you are the only user of it so not the reason.

    Apart from this make sure you have not send or bookmarked url with sessions. At least in older versions the session id might got reused with new account how logged in.

    Which version are you currently using?
  • bguengerbguenger
    I'm the only person using the PC, but the other users are sharing computers. They have their own user accounts on the computers.

    We're on version 1.3.0 right now
  • RepetierRepetier
    Ok, on 1.4.2 I had improved user management and I think around that time I changed session reusage with creating new session id, so you should check if upgrading solves the issue.

    Did you check the url send to others for login if it had session in link?
  • bguengerbguenger
    Sounds good; I'll try updating to the latest version and see if that helps.

    For the record, I really appreciate your software and how responsive you are to my questions whenever I have them!

    I'll post back here if I still notice the issue after updating.

    Best
    Ben
  • bguengerbguenger
    Hi,

    I finally updated to version 1.4.10 and today when I accessed the server, I was randomly logged in as a different user. It doesn't appear that the user management updates to the most recent version have fixed the issue. Do you have any new suggestions?

    Thank you!
    Ben
  • RepetierRepetier
    Just want to note that I'm not forgetting this, also I can not reproduce it except with sharing links containing sessions. At the moment I plan to switch more to cookies to remove sessions from links and preventing any chance on this, but that is a complicated task with many code parts to modify!
  • RepetierRepetier
    Ok, new cookie based gui version is now released. Hope it does not happen any more. Now sessions are not send via url so no involuntary mixing/sharing possible in regualar ui.
Sign In or Register to comment.