[BUG] Session returned to the wrong ARCitect processus after login #297
Comments
github-actions
bot
added
the
Status: Needs Triage
JonasLukasczyk
added
Type: Bug
|
Thank you for raising this issue but ARCitect was not intended to support this usage scenario. The problem is that ARCitect relies on the standard oauth2 authentification process which shares the browser cache. I will try a workaround though that setups a separate cache per ARCitect instance. The downside is that after every ARCitect restart the user will have to enter the credentials again. I also have a related question: in your usage scenario can both users login on the github / datahub webpage with their respective accounts? At the same time of course. I'm not familiar enough with windows server. |
|
To describe in more detail, we have a Windows server on a very large processing station. Windows server allows concurrent users to log into their account and do whatever in their Windows account. -> Maybe there's the same issue with "Switching users" in Windows. Note also, when I saw the bug described here, we were using the ARCitect app from the same folder (a folder with shared apps between users). Could have its importance, I have zero idea how the app works. I'd have to reproduce the issue with someone to tell you more about sessions in browser.
I'm all in for single sign-on, but if that means throwing session tokens to the first app that requests it, it's probably not worth it. |
It's also an issue on macOS:
I can click ok and keep working with ARCitect. |
OS and framework information (please complete the following information):
Describe the bug
On a Windows server, two users have a session open. The first starts ARCitect and logs in, everything is working normally.
When the second user starts ARCitect and logs in, there is no error shown, but no login appears on the ARCitect. Instead, the first user has obtained the session from the second without his awareness (the display username changes in the ARCitect of the first).
I guess that the session is returned to the first ARCitect processus found.
So if someone forgets to close ARCitect, that person will then prevent anyone else from using ARCitect on the system; but this is more of a security concern to me.
The text was updated successfully, but these errors were encountered: