Hello - Having an issue with a person logged in and then during the same session, their profile information changes to another person’s information. We had a new user come in, create an account and then fill out an application, but it then somehow copied over someone else’s profile. Unable to replicate the issue. But, we have data that shows multiple User IDs in the same session. We are using Segment to set the user ID in the cookie. We were trying to see if we could create an event that showed us when the user ID changed in the same session. But, I was wondering if this was something happening on the Auth0 side when the user creates an account
There’s not a lot of information here. I highly doubt this could be something on Auth0’s side.
From what you have described, this is a problem with your application session (not Auth0’s session). This session is completely controlled by you. It is typically built from info in the ID token received from Auth0, but Auth0 doesn’t maintain it.
Or if you have rules that modify the profile, it is possible there is a bug there.
If you can post more info, I might be of more help.
Thank you, John!
Apologies for the lack of information - I’ve never seen anything like it before to be honest. We do agree it is happening on our end bug, but having issues replicating it. I ran through a few scenarios and everything seems to be functioning as expected. I log in and log out and log in again as another user and the session ID does change and the user id also changes as expected.
We did implement a session timeout rule for PCI compliance and I wonder if this may be causing the issue. Guess I am looking for ideas on how I can replicate this and where I should look for troubleshooting.
What is the app architecture?
I’d start by putting some debugging statements in the app that try to detect this condition and log a message somewhere, to start trying to pin down what is going on.