I need help fast ... I’m wondering why my web application (Nodejs 10.x) is giving this strange error: It’s swapping out user sessions... When a user edits their profile, the information always goes to the last logged in user.
Real Example:
- User with email [email protected] logs in;
- It goes to the editing page;
- User with email [email protected] logs in;
- User [email protected] modifies something and saves;
- The data goes to the user [email protected];
- Sometimes **incredibly** the user screen [email protected] BECOMES THE USER’S [email protected]!!
The system is currently disabled for maintenance.
After debugging, we can see that the problem is with the session: in the edit controller, apparently the last registered user ID is used to query the database.
I don’t know if I’m making a mistake, or it’s some configuration problem, but now we have about 1000 users and all the information is being exchanged, when someone edits their own profile, the information goes to someone else ... This is VERY SERIOUS.
Example:
route Candidates

    router.post('/infoCurso', User.loggedIn, User.checkRoles(['usuario']), function (req, res) {
        var form = new formidable.IncomingForm();
        form.parse(req, async function (err, fields, files) {
            try {
                var success = await Candidato.infoCurso(fields)
                if (success) {
                    res.status(200).send(true)
                } else {
                    res.status(400).send(false)
                }
            } catch (err) {
                res.status(500).send(err)
            }
        });
    });

controller Candidatos

    exports.infoCurso = function (data) {
        var cpf = req.session.passport.user.cpf
        return new Promise((resolve, reject) => {
            var now = new Date()
            db.Curriculos.get(cpf, function (err, doc) {
                if (doc === undefined) {
                    reject(false)
                }
                else {
                    doc.cursos = JSON.parse(data.cursos_array)
                    doc.dataAlteracao = dateFormat(now, "isoDateTime")
                    db.Curriculos.insert(doc, doc.cpf, function (err, doc) {
                        if (err) {
                            console.log('UPDATE Curriculo')
                            console.log('Error inserting data\n' + err)
                            reject(false)
                        }
                        else {
                            resolve(true)
                        }
                    })
                }
            })
        })
    }

app.js:

    var session = require('express-session')
    app.use(session({
        secret: 'mysecret',
        resave: false,
        saveUninitialized: true,
        cookie: { secure: true }
    }))

Welcome to the Stackoverflow in Portuguese. As the name suggests, the official language used here is Portuguese. So, could you please translate your question? If you prefer, you can also ask the same question on Stackoverflow website in English.
– Sorack
Your code does not appear to be functional; after all, in the function `infoCurso` there is no reference to the variable `req`, however it is being used. You also have to test on different machines, or at least different browsers. – Sorack
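
The comment above notes that `infoCurso` uses `req` without receiving it as a parameter. The following added example (not the poster's code) shows one way that produces the reported symptom, under the assumption that `req` is reachable through a module-level variable, next to the request-scoped form. The names `later`, `flush`, `mkReq`, `rememberShared`, `saveShared`, `saveScoped` and `simulate`, and the cpf values, are hypothetical and constructed for the illustration.

```javascript
// Constructed stand-ins: `later`/`flush` play the role of async I/O such as
// form.parse; a plain object keyed by cpf plays the role of db.Curriculos.
const queue = [];
const later = (fn) => queue.push(fn);
const flush = () => { while (queue.length) queue.shift()(); };
const mkReq = (cpf) => ({ session: { passport: { user: { cpf } } } });

// BROKEN (assumed pattern): a middleware stores the request in a module-level
// variable and the controller reads it back, so all users share one slot.
let sharedReq;
const rememberShared = (req) => { sharedReq = req; };
function saveShared(req, fields, db) {
  later(() => {                                       // form is parsed "later"
    const cpf = sharedReq.session.passport.user.cpf;  // last request seen wins
    db[cpf].cursos = fields.cursos;
  });
}

// FIXED: the route reads the cpf from its own req and hands it to the
// controller as an argument; nothing request-specific lives at module scope.
const rememberNothing = () => {};
function infoCurso(cpf, fields, db) { db[cpf].cursos = fields.cursos; }
function saveScoped(req, fields, db) {
  const cpf = req.session.passport.user.cpf;
  later(() => infoCurso(cpf, fields, db));
}

// User A (cpf 111) submits the form; user B (cpf 222) logs in before A's
// request has finished. Returns the stored documents afterwards.
function simulate(onRequest, save) {
  const db = { '111': { cursos: [] }, '222': { cursos: [] } };
  const a = mkReq('111');
  const b = mkReq('222');
  onRequest(a); save(a, { cursos: ['course-from-A'] }, db);
  onRequest(b);
  flush();
  return db;
}

console.log('shared:', JSON.stringify(simulate(rememberShared, saveShared)));
console.log('scoped:', JSON.stringify(simulate(rememberNothing, saveScoped)));
```

With the shared variable, A's courses are written to B's document; with the cpf passed as an argument, they stay on A's.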