ArrowDB在用户中未返回正确的会话ID登录API回调
[英]ArrowDB not returning correct session id in usersLogin API callback
问题描述
JIRA ticket AC-3349 opened. 
JIRA门票AC-3349打开。 I'm posting the question here in order to help others who might be encountering the issue. 我在此发布问题,以帮助可能遇到此问题的其他人。 Please follow the ticket if you have the same issue. 如果您有相同的问题,请遵循票证。
Details: This issue has just started happening today (starting at 1.30PM EST or so) - things were working just fine before that. 详细信息:该问题今天才开始发生(从美国东部标准时间1.30PM左右开始)-在此之前一切正常。 If you use the ArrowDB Node SDK usersLogin to sign in as a non-admin user, the session id returned in the meta object is the session id of the admin user instead! 如果您使用ArrowDB Node SDK usersLogin登录名以非管理员用户身份登录,则元对象中返回的会话ID就是管理员用户的会话ID! One can confirm that by using the ArrowDB Node SDK usersShowMe and passing the session id, which returns the user object for the admin instead of the originally logged in user. 通过使用ArrowDB Node SDK usersShowMe并传递会话ID,可以确认这usersShowMe ,该ID返回admin的用户对象,而不是最初登录的用户。 Something has clearly changed in the last hour or two because these APIs were working correctly prior to that. 在最近一两个小时内,某些事情已经发生了明显的变化,因为这些API在此之前可以正常工作。 I have tried this with two different ArrowDB instances and the issue is the same on both. 我已经用两个不同的ArrowDB实例尝试了此操作,并且两个问题都相同。 Hence the issue isn't with the specific ArrowDB instance but elsewhere in ArrowDB session management on the Appcelerator platform. 因此,问题不在于特定的ArrowDB实例,而是Appcelerator平台上ArrowDB会话管理中的其他地方。
1 个解决方案
解决方案1
0 已采纳 2016-03-18 13:30:11
Apparently this happens only in the following scenario: 显然,仅在以下情况下会发生这种情况:
First, sign in as User A (say) and store the session id somewhere. 首先,以用户A的身份登录(例如)并将会话ID存储在某处。 Next, in the Node.js code, create a new instance of ArrowDB and then set the sessionCookieString property using the previously stored session id. 接下来,在Node.js代码中,创建ArrowDB的新实例,然后使用先前存储的会话ID设置sessionCookieString属性。 Next, in the same code block, sign in as User B (say, which in my case was an admin account) using the usersLogin method. 接下来,在同一代码块中,使用usersLogin方法以用户B身份登录(例如,在我的情况下为管理员帐户)。 Once signed in, apparently the previously stored session id now "belongs to" User B, which I think is a bug. 登录后,显然以前存储的会话ID现在“属于”用户B,我认为这是一个错误。 I'd assume that the usersLogin method would issue a new session id for the User B and leave the previously generated session id for User A alone. 我假设usersLogin方法将为用户B发出新的会话ID,而将先前为用户A生成的会话ID保留下来。 But that's not what happens. 但这不是事实。 The previous session id for User A is reassigned to User B, which I believe is a bug in ArrowDB SDK. 用户A的先前会话ID已重新分配给用户B,我认为这是ArrowDB SDK中的错误。
As a workaround, one needs to create a new instance of ArrowDB if one wishes to sign in as a different user (typically admin account) AFTER one has already set the sessionCookieString for an existing instance otherwise the previous session id gets reassigned. 一种解决方法是,如果一个人希望以其他用户身份登录(通常是admin帐户),则需要创建一个ArrowDB新实例。在为现有实例设置了sessionCookieString之后,否则将重新分配之前的会话ID。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.