Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Questionable use of statics in UserService potentially causes wrong request-usersession association #1882

Open
4 tasks done
phiresky opened this issue Jul 8, 2023 · 2 comments
Open
4 tasks done

[Bug]: Questionable use of statics in UserService potentially causes wrong request-usersession association #1882

phiresky opened this issue Jul 8, 2023 · 2 comments
Labels
area: privacy bug Something isn't working extra: critical It's really, really important
Milestone
0.18.2

Comments

@phiresky
Copy link
Contributor

phiresky commented Jul 8, 2023
edited

Requirements

  • This is a bug report, and if not, please post to https://lemmy.ml/c/lemmy_support instead.
  • Please check to see if this issue already exists.
  • It's a single bug. Do not report multiple bugs in one issue.
  • It's a frontend issue, not a backend issue; Otherwise please create an issue on the backend repo instead.

Summary

I heard that multiple people have allegedly experienced a situation where they load a page and are logged in as a different user - either very shortly until the page rerenders or possibly until a page refresh.

I looked at the code and it seems there might be a fairly simple explanation due to a race condition (I don't know much about Inferno, just React/SSR).

The catch all request handler:

lemmy-ui/src/server/handlers/catch-all-handler.tsx

Line 25 in 3d58bae

export default async (req: Request, res: Response) => {

calls initializeSite()

lemmy-ui/src/shared/utils/app/initialize-site.ts

Lines 5 to 6 in 3d58bae

export default function initializeSite(site?: GetSiteResponse) {
UserService.Instance.myUserInfo = site?.my_user;

Which sets the global UserService. After that, it does an asynchronous call to await activeRoute.fetchInitialData(initialFetchReq); During this time, the UserService.instance.userData may be replaced by a separate incoming http request. After that, it calls renderToString which will create the various JSX components.

In those, the user context is used both in class componets and via the myAuth() function, e.g.:

https://github.com/LemmyNet/lemmy-ui/blob/main/src/shared/components/app/app.tsx

At which point it might be the data from a different user though.

I think the solution would be to store UserService inside the react context instead of using a singleton.

Steps to Reproduce

I have not reproduced this issue.

Technical Details

Lemmy Instance Version

current main branch

Lemmy Instance URL

No response
@phiresky phiresky added the bug Something isn't working label Jul 8, 2023
@makotech222
Copy link
Contributor

Good catch. UserService can safely be a singleton on the client, but on the SSR server it should not be.

@pproe pproe mentioned this issue Jul 9, 2023
Closed
4 tasks
@alectrocute alectrocute added this to the 0.18.2 milestone Jul 9, 2023
@alectrocute alectrocute added the extra: critical It's really, really important label Jul 9, 2023
@ghost
Copy link

ghost commented Jul 11, 2023

Happens on lemmy.world too

Screen.Recording.2023-07-11.at.23.33.25.mp4

Seems like something that is easier to reproduce on bigger instances

@phiresky phiresky mentioned this issue Dec 15, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area: privacy bug Something isn't working extra: critical It's really, really important
Projects
None yet
Milestone
0.18.2
Development

No branches or pull requests
4 participants
@phiresky @makotech222 @alectrocute @lionirdeadman