
Change how we compute the user_id in the session.db. #696

Merged
karlcow merged 1 commit into master from tweak-auth
Sep 6, 2015

@miketaylr
Member

I have a theory that somehow our user_id computation would be off by 1 (or so) resulting in selecting the wrong user. Possibly by restarting the app if a user was logging in? Unsure, but we know this has happened 2 or 3 times in a year. So it's rare, but very very bad.

The plan here is to do away with integer ids and use a salted + hashed github access token as the user id, so it's guaranteed to be unique. And if we do have a hidden bug somewhere we'll find out because 441262a70a96g6c84339af1fb96365df485e32aa75b03e7ce7a79dcb76f48f8a590caf9066c342ce5efbbd5f75ae962f61aca0206x23b4aa5b4f0becfb6571b9 + 1 (or something, if my hunch is true) will just explode rather than select the wrong user. And maybe that will allow us to find the bug.

r? @karlcow

@karlcow
Member

karlcow commented Sep 6, 2015

that sounds like a good plan.

karlcow added a commit that referenced this pull request Sep 6, 2015
Change how we compute the user_id in the session.db.
@karlcow karlcow merged commit 4876c0b into master Sep 6, 2015
@miketaylr miketaylr deleted the tweak-auth branch January 7, 2016 16:04
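
The plan from the opening comment, as an added example that is not part of this pull request or the project's code: the same users are stored under sequential integer ids and under salted-hash ids, and an id that drifts by 1 is looked up in both. HMAC-SHA-512 as the salted hash, the salt value, the table names and the sample tokens are all assumptions made for the illustration.

```python
import hashlib
import hmac
import sqlite3

SALT = b"constructed-salt-for-this-example"  # assumption: a server-side secret
# Constructed sample data: (login, access token) pairs, not real tokens.
SAMPLE = [("alice", "constructed-token-a"), ("bob", "constructed-token-b")]

QUERIES = {  # hypothetical schema, one table per id scheme
    "int": "SELECT login FROM by_int WHERE user_id = ?",
    "hash": "SELECT login FROM by_hash WHERE user_id = ?",
}


def token_user_id(access_token, salt=SALT):
    """Opaque user id: keyed (salted) SHA-512 of the access token, hex encoded."""
    return hmac.new(salt, access_token.encode(), hashlib.sha512).hexdigest()


def build_db(users=SAMPLE):
    """Store the same users under sequential integer ids and under hashed ids."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE by_int (user_id INTEGER PRIMARY KEY, login TEXT)")
    db.execute("CREATE TABLE by_hash (user_id TEXT PRIMARY KEY, login TEXT)")
    for n, (login, token) in enumerate(users, start=1):
        db.execute("INSERT INTO by_int VALUES (?, ?)", (n, login))
        db.execute("INSERT INTO by_hash VALUES (?, ?)", (token_user_id(token), login))
    return db


def lookup(db, scheme, user_id):
    """Return the login stored for user_id, or None when no row matches."""
    row = db.execute(QUERIES[scheme], (user_id,)).fetchone()
    return row[0] if row else None


def shifted_hex(user_id):
    """Model a corrupted hashed id: the same digest with 1 added to its value."""
    return format((int(user_id, 16) + 1) % 2**512, "0128x")


if __name__ == "__main__":
    db = build_db()
    alice = token_user_id("constructed-token-a")
    print(lookup(db, "int", 1), lookup(db, "int", 1 + 1))  # drifted int id: another user
    print(lookup(db, "hash", alice), lookup(db, "hash", shifted_hex(alice)))
    try:
        alice + 1  # arithmetic on a string id fails loudly
    except TypeError as exc:
        print("TypeError:", exc)
```

With integer ids the drifted lookup silently returns a neighbouring account; with hashed ids it either raises or matches no row, which turns a wrong-user login into a visible failure.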