[AC-3439] ArrowCloud: session_id mixes up with previous user logged in.
| GitHub Issue | n/a |
|---|---|
| Type | Bug |
| Priority | n/a |
| Status | Closed |
| Resolution | Needs more info |
| Resolution Date | 2016-04-26T15:19:25.000+0000 |
| Affected Version/s | n/a |
| Fix Version/s | n/a |
| Components | Arrow Cloud |
| Labels | defect |
| Reporter | Joseph Sachs |
| Assignee | Shak Hossain |
| Created | 2016-03-31T15:22:28.000+0000 |
| Updated | 2016-10-14T11:47:32.000+0000 |
Description
1- Create an App with an ArrowDB project (add two Users user 1 & user 2 in Arrow web portal for simplicity).
2- Create an Node.ACS which also calls the ArrowDB.
3 - The Node.ACS project has a function that creates an ArrowDB Custom Object the User _called createObj_ by passing the session_id.
4- Login as user 1 via the App created (gets session_id, a _direct-API to ArrowDB_)
5- Create an Object owned by user 1 from the App (with the session_id via a Node.ACS call)
6- User 2 logs in and creates another Object (via Node.acs with user 2 session_id)
Result (the issue): User 2 creates an Object, however it creates it for User 1
Expected Result: User 2 should create the Object for User 2 (since the session_id is for User 2).
This issue has been raised in appcelerator.force.com with Case #: 00007416
Also, the solution was found via Stackoverflow, in which other developers faced this issue as well: [http://stackoverflow.com/questions/27255102/appcelerator-acs-users-login-api-getting-error-code-400-with-message-invalid-r]
The solution was clarified here:
{quote}for some reason acs-node v0.9.3 appears to be returning the same session ID, even for different users. Some side-effects I've seen include (1) the wrong user attempting to make a change to an object, and (2) objects created by one user are actually owned by the last person who logged in. Making sure acs-node is at v0.9.2 avoids this issue.{quote}
Currently, we cannot update our node-acs 0.9.2 to the latest version because of this issue.
Hello, I am having problem understanding your issue. Are you using acs-node or arrowDB? Can you please explain a little bit. Please provide a code sample which regenerates the issue in node-acs 0.9.3. Also please provide list of steps to follow for us to test it in our environment. Since ACS-node has been deprecated for a while, using our latest arrowDB module should not have this problem. Regards, Sharif
Hello, I am using acs-node (a node project) And ArrowDB, the acs-node project calls ArrowDB regularly, so I am using both. The issue described above, is found in all acs-node projects which are greater than 0.9.2. UPDATE: I've updated the description Steps to reproduce. If I update to the latest version of arrowdb from node-acs, the issue of the sessions gets buggy as described, so I am forced to stay in 0.9.2. This issue applies to the newer versions.
Hello, Please provide sample code for us to test. Please be specific about each steps you mentioned and provide the related sample code. For recap you needs to use https://www.npmjs.com/package/arrowdb instead of https://www.npmjs.com/package/acs-node Regards, Thanks.
Attached here is a Sample ArrowCloud: https://www.dropbox.com/s/zotx4qlw63qzw66/ArrowCloudApp.zip?dl=0 In it you will find /controllers/services.js which explains in 1, 2, 3 how to reproduce.
Also, make sure to run the local Node.ACS server locally, and text the createEvent API with the session_id from Login (direct API to ArrowDB)
For all future developer who may stumble on this same issue, Wei has provided the solution. Before Every ArrowDB API call from ArrowCloud, make sure to pass the session_id before making the arrowDB call from ArrowCloud. ~~~ arrowDBApp.sessionCookieString = params.session_id; arrowDBApp.eventsCreate({ ..... ~~~
You can close this issue.