We had a user report it soon after the deployment. After that we started looking into the specific user who reported (User1) and the user (whose information was seen by the reporting user) say User2. We realized there are login entries from same IP for both of these users. In the access log of the server there was a POST request for User1 but at the time of login entry for User2 there was only a GET request. In the time line GET request is first, User1 sees User2's information logs out and then login again with their credentials.
Thanks, Prasanth On 03/13/2018 11:41 PM, Yasser Zamani wrote: > > On 3/10/2018 1:22 AM, Prasanth Pasala wrote: >> Ran tests with 1000 users logging in in 60sec while simultaneously 1000 >> users just requesting login page in 60 sec to see if any of them would get >> in with out username/password. No luck. System seems >> to be working properly. Also tried increasing it to 2000 it still worked as >> it should with out the issue coming up. >> >> Would hot deployments cause any issue? > Without reproducing it, it's hard to say why this issue happens rarely > :( How did you discover it firstly? Was incorrectly loged in user able > to continue to other pages also as an authenticated user? > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] >
