You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When I log in as an anonymous user, then change the user to a user identified via UserNameToken (keeping the same session) and then switch back to the anonymous user, the session.UserToken still is the UserNameToken not an AnonymousUserToken.
Source is in SessionManager.ActivateSession() where session.ValidateBeforeActivate() returns null for the token if the session is already activated and the user is anonymous.
later on in this method session.Activate() skips calling UpdateUserIdentity() if the token is null.
The client (tested with UaExpert) signals "user change succeded".
This becomes critical when access levels are dependent on the logged in user and the server allows for multiple sessions with different users.
Not sure if simply checking the token for null and replacing it with a new AnonymousUserToken after calling session.ValidateBeforeActivate() is the correct fix.
The text was updated successfully, but these errors were encountered:
When I log in as an anonymous user, then change the user to a user identified via UserNameToken (keeping the same session) and then switch back to the anonymous user, the session.UserToken still is the UserNameToken not an AnonymousUserToken.
Source is in SessionManager.ActivateSession() where session.ValidateBeforeActivate() returns null for the token if the session is already activated and the user is anonymous.
later on in this method session.Activate() skips calling UpdateUserIdentity() if the token is null.
The client (tested with UaExpert) signals "user change succeded".
This becomes critical when access levels are dependent on the logged in user and the server allows for multiple sessions with different users.
Not sure if simply checking the token for null and replacing it with a new AnonymousUserToken after calling session.ValidateBeforeActivate() is the correct fix.
The text was updated successfully, but these errors were encountered: