We’ve been using SS for about 6 years now on the same project, and in that time have encountered the following issue about 5 times.
An already logged-in user, or one that logs into their account, sees another user’s account instead.
At first I brushed it off as there was minimal info to go on (and still kinda is). However, it’s happened twice in the last few months and there must be something behind it.
Here’s what I have to go on - and how we currently have SS set up.
We use JWT authentication and redis for SS caching. Every service endpoint fetches from the cache the user session info which is used to verify the data passed in is valid for that user to edit etc.
The times we have noticed the issue seem to be linked by a production update, with reported incidents happening within a short time of the update.
Today it occurred 3 minutes after the update. We do not clear redis during a production update.
The one additional detail we found today was that the two users both logged in within a 1000th of a second.
Any thoughts on the cause or where to dig into SS code if necessary would be greatly appreciated. Although a rare occurrence, it’s a big deal.