Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Users sometimes get logged into the wrong account #280

Open
JohnGoodman opened this issue Jan 21, 2025 · 1 comment
Open

Users sometimes get logged into the wrong account #280

JohnGoodman opened this issue Jan 21, 2025 · 1 comment

Comments

@JohnGoodman
Copy link

In very rare instances, when a user has been logged in for a few days, when they come back to my app, they get logged into the wrong account. I'm not entirely sure what the cause is, but it likely has something to do with the stored JWT. Maybe the JWT isn't unique so when the person come backs and the session is re-authenticated via the stored JWT, a different user is found? Any help on this is appreciated.

I'm using Rails as a headless API that handles the user accounts. The web app is a React app. The web app stores the JWT in the browser's localstorage.

Rails: 8.0.0
devise-jwt: 0.12.1
devise: 4.9.4
@waiting-for-dev
Copy link
Owner

I'm pretty sure that should be something related to your setup. This is how the user is fetched from a JWT token by default. As you can see the primary key is used to match the token, so maybe you should investigate along that lines.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@waiting-for-dev @JohnGoodman