Session stealing?
Not sure if this is actually a bug. But try opening better auth in two windows (one in normal, one in incognito). Doing a few refreshes etc. - and suddenly user 1 will become user 2?
The browsers are totally separated?
Running newest stable version of better-auth. Tried this also on a public facing one and the same happened.
9 Replies
Different browsers.
This might be a local issue, so I won't report this further.
i’ve had this issue reported by multiple users - they login and are able to login as other random users. do you know the cause of this?
You're having random users login as other users!? 👀
yeah it’s a solid issue. i have dbgenerated user ids (only diff) but idk the root cause of why it happens
like i fetch data by user id from the session and the session just gave me that user id which is weird
also isn't the sole instance of the issue, i need to debug further
no. and I couldn't reproduce it with @kaas as well. It's very unlikely it'd happen in a normal scenario but if there is anything reproducible would be happy to take a look.
👀
it was a cache issue within nextjs (as always). modified to no caching / private via headers + nextjs bs and resolved it
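
The resolution in the last message (marking session-dependent responses as private / not cached) can be checked mechanically from response headers. The following is an added example, not code from the thread or from better-auth; the function names, verdict labels and sample routes are assumptions made for illustration.

```javascript
// Added example: audit the headers of routes whose body depends on the session.
// Sample headers at the bottom are constructed for illustration.

// Parse a Cache-Control value into a Map of lowercase directive -> argument (or true).
function parseCacheControl(value) {
  const directives = new Map();
  for (const part of String(value || "").split(",")) {
    const [name, ...rest] = part.trim().split("=");
    if (name) directives.set(name.toLowerCase(), rest.length ? rest.join("=") : true);
  }
  return directives;
}

// Decide whether a shared cache (CDN, reverse proxy, framework cache) may store
// this response and replay it to another visitor. Only `private` and `no-store`
// forbid that outright.
function auditSessionResponse(headers) {
  const h = new Map(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  const cc = parseCacheControl(h.get("cache-control"));
  // For shared caches s-maxage takes precedence over max-age.
  const ttl = cc.has("s-maxage") ? cc.get("s-maxage") : cc.get("max-age");
  let verdict;
  if (cc.has("no-store") || cc.has("private")) verdict = "not-shared";
  else if (cc.has("no-cache") || Number(ttl) === 0) verdict = "stored-but-revalidated";
  else if (cc.has("public") || ttl !== undefined) verdict = "shared-cacheable";
  else verdict = "heuristically-cacheable"; // no directive: a cache may still pick a lifetime
  const risky = verdict === "shared-cacheable" || verdict === "heuristically-cacheable";
  // A cached Set-Cookie would hand one user's session cookie to the next visitor.
  return { verdict, risky, replaysSessionCookie: risky && h.has("set-cookie") };
}

// Constructed sample responses for session-dependent routes (hypothetical paths).
const samples = {
  "/api/me (misconfigured)": { "Cache-Control": "public, s-maxage=60", "Set-Cookie": "session=EXAMPLE" },
  "/dashboard (no header)": { "Content-Type": "text/html" },
  "/api/me (fixed)": { "Cache-Control": "private, no-store" },
};
for (const [route, headers] of Object.entries(samples)) {
  console.log(route, JSON.stringify(auditSessionResponse(headers)));
}
```

Any route that reads the session and comes back `risky` is a candidate for the "user 1 becomes user 2" symptom described at the top of the thread.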