Logging In as a different user
We run events in which there are a few hundred people that log in to our app at once in the same location. We've faced issues that some users login successfully with their credentials but they are logged in as someone completely different. We also don't have caching enabled. Do you guys know why this might be happening?
13 Replies
hmm? what version of better auth are you using?
Hello, we are using version 1.1.9
First you should update to latest which is no
1.2.5
The only reason this might have happened is if the server returned a cache response for session from a different user
Someone mentioned facing similar issue using nextjs + better auth. This might have happened with how request cahcing works in Better Auth + how nextjs handles caching (Im not sure if you're using nextjs).
If the issue happens again after you upgraded, please let me knowWe are using Next.js.
const { data: session, isPending, error } = client.useSession();
We get session like this on the client and then pass it down to server to verifying against
const session = await auth.api.getSession({ headers: requestHeaders });
Is there anything wrong with this?
This is our config:
Hard to tell what exactly would cause such a problem. Would be happy to take a look if you can send me a POC but I don't think this would be an issue if you upgrade to any version post
1.2We will update it to the latest version. Also, what do you mean by POC?
something I can reproduce the error with
but update to latest and report back to me if it happens again
We are trying to replicate the bug but it works fine for us. The issue occurs when we are running events and people are signing in at the same time in the same room. Looking at our logs, there seems to be an issue where the sessions mismatches between the client and server here: and the session in are not the same.
One of the uses mentioned that they saw their name changed to different users a few times
I tried differnt way to replicate it, including running a script which signs in many users at the same time but I couldn't. I think it's just might be nextjs only problem with the way request headers (cookies) are cached in better auth + nextjs causing some kind of issues. That's my theory. I don't think it'll happen post 1.2 ever, since we re-wrote the internal library.
If it does, let me know and we'll investigate further. If you can replicate with the old version, would be happy to take a look as well.
Okay great! Thanks for this, we upgraded to the latest version. Also, do you think this might be related to Fluid Compute by Vercel?
I doubt that'd create any issue. But I personally haven't tried Fluid yet.
Okay thank you so much! I'll keep you updated if the issue arises again.