Logged in as different user real time

Hi

On several occasions I have now been logged in as a different user in the midst of scrolling a thread.
It has been the same user each time.

We both have admin privileges.

There’s nothing in the logs.

On second thought there was an occasion where I got logged in as a different user than the aforementioned one.

That user does not have admin or mod

All occasions were Firefox mobile, android 14/lineage 21

Is this happening here? Or in your instance? If you only encounters this on your instance I recommend removing any custom plugins and rebuilding.

Moving to Support as there are no clear reproduction steps.

3 Likes

It’s like a once every two weeks kind of thing and I don’t use other instances of discourse so can’t say

Yeah this one

It happens on the instance I run. Its been happening for some time now. AFAIK he is the only user it happens to and the transition is always to the same user.

I checked logs to make sure hes not butt dialing the impersonate button but I dont know where else to look to track this down.

Plugins used:

If you want to track this down and isolate the problem:

  • Remove admin from both users
  • Logout both users from all devices
  • Reset both users passwords

And then see if it still happens.

1 Like

Ok, given this is a somewhat rare occurrence, what would the next step be if it does happen? I’d like to be able to give you guys more information than ‘still broken’ if so.

1 Like

I am wrong about it being just one user he is logged in as

It appears to only occur while he is scrolling on mobile with firefox

1 Like

Do you know if his mobile is shared? Ie do you also use his device to access your forum?

And this only happens with Firefox on Lineage OS?

No one is sharing devices to my knowledge. He is in canada, and the person he became lives in germany. The user he ‘morphed’ into in this case is a known iphone user, while he is android (oneplus AFAIK)

Perhaps its a timestamp thing for their token? I dont know how discourse generates user tokens. timedatectl appears accurate.

1 Like

Really not sure tbh. Maybe logging console from the browser may give some extra details

Yous said the change happens during scrolling?

With them being in different countries makes this very interesting and very odd. Especially since they are also using different mobile platforms.

1 Like

I have been reluctant to report this issue because its pretty rare, and we havent had success in nailing down a cause. I’m also suspect of the reverse proxy I am using… but it feels impossible to track down since I cant replicate the issue myself.

1 Like

Something for him to maybe try. I know lineage OS is a degoogled android. Maybe something in their software stack might also be doing something

Lineage OS iirc has an option to use Google services like the play store and imagine Chrome in a Sandbox to prevent the privacy issues related to Google platform. Maybe try Chrome or chrome based browser within the sandbox.

There may also be a degoogled version of chrome browser variant.

1 Like

I believe he still has gapps so this would be the play store version of firefox mobile. I am also on lineage with brave and cant recall this happening.

I know some people have mentioned it happened to other users but I’m not certain on details and I know it happens for tsk specifically.

I will try using FF mobile to see if I can recreate.

1 Like

There is a user that uses Brave on Windows 10 and Brave Mobile in regular old Android who encountered this issue.

Same instance as @tsk and @Adubs

1 Like

I have gapps and Firefox came from play store.

I have ublock and I don’t care about cookies extensions.

Each time it happened was scrolling and/or replying in a thread.

1 Like