-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
getCurrentContext.get(<property>) sometimes returns other request/user's information #2397
Comments
Sorry for closing / reopening - wasn't sure if anyone was monitoring this |
Just to let you know, it seems like the issue w. the context is not specific to the remote hooks but actually related to trying to get the context from within a promise chain. The reason we saw it in the hooks was because those were being invoked by Model.create / Model.find operations that were within a promise chain. The context outside of the chain is correct, when we go into a promise chain it seems to pick up a previous 'state'. That seems to narrow it down a fair bit. Also we notice that the CLS object has a _set property which seems to preserver different context's as a stack. Just wanted to pass this along in case it wasn't something you had seen. From reading the issues on the CLS github it seems promises cause problems without workarounds / shims people have created. |
I am afraid Node.js does not provide any robust solution for continuation-local-storage at this moment, therefore we cannot provide a reliable Promises are one of the known cases that don't work. However, IIRC there are ways how to monkey patch them to support continuation local storage. What promise library are you using? I am closing this issue as there isn't much we can do about it here in loopback core. Please open a new issue in https://github.com/strongloop/loopback-context/issues/new and provide us with a small app reproducing the problem, see http://loopback.io/doc/en/contrib/Reporting-issues.html#bug-report. See also the discussion in strongloop/loopback-context#17 which may provide relevant information for your use case too. |
I'm running into what looks like a concurrency issue using the getCurrentContext in operation hooks.
We are using the context to store the user's access token, userId and groupId. This is done in middleware which is set on the auth:after.
We attempt to get these values as so:
This
getCurrentUser
method is used within a operation hookThe problem I am experiencing is that when I have several users logged into the system at the same time on a production environment (4 workers) occasionally the
this.getCurrentUser()
call will return with the WRONG user. This leads to some major security issues.I'm trying to figure out if this is something I'm doing incorrectly or if this is just a known issue with the context / CLS. I've read up on some related issues people have posted such as #2094 and #1495.
The text was updated successfully, but these errors were encountered: