Concurrency issue: Users are logged in as other users
zzikkzzakk opened this issue · 0 comments
This issue is for a: (mark with an x)
- [x] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)
Minimal steps to reproduce
When multiple users accessed our webpage at once (and successfully logged in via this library), after a while some of them got logged in as other users in the backend. This was apparent as we show the username in the frontend, which we get from `_id_token_claims['name']`. Also, other requests, e.g. for user history, accessed data of the wrong user.
We tried to reproduce it in a controlled development environment with multiple users and simulated requests at once, and checked whether the MS user oid we set manually in the request matched the one acquired via `_id_token_claims`, but couldn't reproduce the issue so far. This happened on release to a wider audience.
Any log messages given by the failure
No errors seen
Expected/desired behavior
No concurrency issue
OS and Version?
Azure App Services, Python Stack
Versions
latest i.e. 0.16.6
Mention any other details that might be useful
Is this line, which sets the adapter for the Middleware but the adapter is initialized with the current request, really thread safe, i.e. for multiple users at once?
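
The pattern the question above asks about, as an added illustration that is not part of the original issue and is not the library's code: a per-request adapter stored on a shared middleware instance, next to a variant that keeps it on the request. All class and function names and the sample `oid` values are hypothetical; a barrier forces the interleaving that rarely occurs in a small test environment.

```python
import threading

class Adapter:
    """Hypothetical per-request adapter holding the caller's ID token claims."""
    def __init__(self, request):
        self.claims = request["claims"]

class SharedStateMiddleware:
    """Unsafe: one middleware instance serves all threads, adapter kept on self."""
    def __init__(self, barrier):
        self.barrier = barrier
        self.adapter = None

    def __call__(self, request):
        self.adapter = Adapter(request)     # overwritten by every concurrent request
        self.barrier.wait()                 # all requests have written before any reads
        return self.adapter.claims["oid"]   # whichever request wrote last

class PerRequestMiddleware:
    """Safe: the adapter lives on the request object, never on the instance."""
    def __init__(self, barrier):
        self.barrier = barrier

    def __call__(self, request):
        request["adapter"] = Adapter(request)
        self.barrier.wait()
        return request["adapter"].claims["oid"]

def run(middleware_cls, oids=("oid-alice", "oid-bob")):
    """Send one request per constructed oid concurrently; return {sent: served}."""
    barrier = threading.Barrier(len(oids))
    middleware = middleware_cls(barrier)
    seen = {}

    def worker(oid):
        seen[oid] = middleware({"claims": {"oid": oid}})

    threads = [threading.Thread(target=worker, args=(o,)) for o in oids]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return seen

def mismatches(seen):
    """The check from the report: oid sent with the request vs. oid in the claims."""
    return sorted(sent for sent, served in seen.items() if sent != served)

if __name__ == "__main__":
    print("shared state:", mismatches(run(SharedStateMiddleware)))
    print("per request: ", mismatches(run(PerRequestMiddleware)))
```
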