Titanium JIRA Archive
Appcelerator Community (AC)

[AC-3439] ArrowCloud: session_id mixes up with previous user logged in.

GitHub Issuen/a
TypeBug
Priorityn/a
StatusClosed
ResolutionNeeds more info
Resolution Date2016-04-26T15:19:25.000+0000
Affected Version/sn/a
Fix Version/sn/a
ComponentsArrow Cloud
Labelsdefect
ReporterJoseph Sachs
AssigneeShak Hossain
Created2016-03-31T15:22:28.000+0000
Updated2016-10-14T11:47:32.000+0000

Description

1- Create an App with an ArrowDB project (add two Users user 1 & user 2 in Arrow web portal for simplicity). 2- Create an Node.ACS which also calls the ArrowDB. 3 - The Node.ACS project has a function that creates an ArrowDB Custom Object the User _called createObj_ by passing the session_id. 4- Login as user 1 via the App created (gets session_id, a _direct-API to ArrowDB_) 5- Create an Object owned by user 1 from the App (with the session_id via a Node.ACS call) 6- User 2 logs in and creates another Object (via Node.acs with user 2 session_id) Result (the issue): User 2 creates an Object, however it creates it for User 1 Expected Result: User 2 should create the Object for User 2 (since the session_id is for User 2). This issue has been raised in appcelerator.force.com with Case #: 00007416 Also, the solution was found via Stackoverflow, in which other developers faced this issue as well: [http://stackoverflow.com/questions/27255102/appcelerator-acs-users-login-api-getting-error-code-400-with-message-invalid-r] The solution was clarified here: {quote}for some reason acs-node v0.9.3 appears to be returning the same session ID, even for different users. Some side-effects I've seen include (1) the wrong user attempting to make a change to an object, and (2) objects created by one user are actually owned by the last person who logged in. Making sure acs-node is at v0.9.2 avoids this issue.{quote} Currently, we cannot update our node-acs 0.9.2 to the latest version because of this issue.

Comments

  1. Sharif AbuDarda 2016-04-01

    Hello, I am having problem understanding your issue. Are you using acs-node or arrowDB? Can you please explain a little bit. Please provide a code sample which regenerates the issue in node-acs 0.9.3. Also please provide list of steps to follow for us to test it in our environment. Since ACS-node has been deprecated for a while, using our latest arrowDB module should not have this problem. Regards, Sharif
  2. Joseph Sachs 2016-04-01

    Hello, I am using acs-node (a node project) And ArrowDB, the acs-node project calls ArrowDB regularly, so I am using both. The issue described above, is found in all acs-node projects which are greater than 0.9.2. UPDATE: I've updated the description Steps to reproduce. If I update to the latest version of arrowdb from node-acs, the issue of the sessions gets buggy as described, so I am forced to stay in 0.9.2. This issue applies to the newer versions.
  3. Sharif AbuDarda 2016-04-19

    Hello, Please provide sample code for us to test. Please be specific about each steps you mentioned and provide the related sample code. For recap you needs to use https://www.npmjs.com/package/arrowdb instead of https://www.npmjs.com/package/acs-node Regards, Thanks.
  4. Joseph Sachs 2016-10-14

    Attached here is a Sample ArrowCloud: https://www.dropbox.com/s/zotx4qlw63qzw66/ArrowCloudApp.zip?dl=0 In it you will find /controllers/services.js which explains in 1, 2, 3 how to reproduce.
  5. Joseph Sachs 2016-10-14

    Also, make sure to run the local Node.ACS server locally, and text the createEvent API with the session_id from Login (direct API to ArrowDB)
  6. Joseph Sachs 2016-10-14

    For all future developer who may stumble on this same issue, Wei has provided the solution. Before Every ArrowDB API call from ArrowCloud, make sure to pass the session_id before making the arrowDB call from ArrowCloud. ~~~ arrowDBApp.sessionCookieString = params.session_id; arrowDBApp.eventsCreate({ ..... ~~~
  7. Joseph Sachs 2016-10-14

    You can close this issue.

JSON Source