You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
- [x] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)
Minimal steps to reproduce
When multiple users accessed our webpage at once and (successfully logged in via this library). After a while some of them got logged in as other users in the backend. This was apparent as we show the username in the Frontend which we get from _id_token_claims['name'] . Also other requests e.g. for user history accessed data of the wrong user.
We tried to reproduce it in a controlled development environment with multiple users and simulated requests at once and checked if the MS user oid we set manually in the request matched the one acquired via _id_token_claims but couldn't reproduce the issue so far. This happened on release to a wider audience
which sets the adapter for the Middleware but the adapter is initialized with the current request, really thread safe, i.e. for multiple users at once?
The text was updated successfully, but these errors were encountered:
This issue is for a: (mark with an
x)Minimal steps to reproduce
Any log messages given by the failure
Expected/desired behavior
OS and Version?
Versions
Mention any other details that might be useful
Is this line
ms-identity-python-samples-common/ms_identity_web/django/middleware.py
Line 29 in 9b32cef
which sets the adapter for the Middleware but the adapter is initialized with the current request, really thread safe, i.e. for multiple users at once?
The text was updated successfully, but these errors were encountered: