TriPSs
commented
6 years ago Some simpel questions:
- Which version of esc?
- Which version of esc-storage?
I have the feeling this happens because it's the same browser session.
Closed kuatro closed 6 years ago
TriPSs
commented
6 years ago Some simpel questions:
I have the feeling this happens because it's the same browser session.
kuatro
commented
6 years ago @TriPSs Just cloned react-esc-example (master branch) and successfully reproduced the glitch.
TriPSs
commented
6 years ago @kuatro I did not have the time yet to update that project :( Could you plz update esc to at-least 4.0.0-beta.10 and are you sure it does not have to do with the same browser session?
If not then i will check it tonight.
kuatro
commented
6 years ago @TriPSs np!
are you sure it does not have to do with the same browser session? — absolutely sure.
TriPSs
commented
6 years ago @kuatro I updated the project in the cleanup branch.
Chrome:
Terminal:
As you can see i don't get a token in the response. Could you check it with that branch to? (Note remove node_modules and lock file)
kuatro
commented
6 years ago @TriPSs I tried with the new branch, but it didn't fix the problem. Could you please try to repeat the steps above?
TriPSs
commented
6 years ago @kuatro I tried it again:
Chrome source code:
Terminal:
Firefox:
I'm sorry but i can't reproduce the problem.
kuatro
commented
6 years ago @TriPSs You need to start the script and reload the page in the browser several times to catch the bug.
And actually the script returns an output only in case of there is token: string is present on the page.
TriPSs
commented
6 years ago @kuatro Thanks! I see what you mean, i will investigate it!
TriPSs
commented
6 years ago @kuatro I think this has to do with how setup the Cookie for esc-storage
// Add Cookie to global so we can use it in the Storage module
global.cookie = new CookieStorage(ctx.cookies)Will look into it on how we can solve this! If you have any further info or ideas let me know!
kuatro
commented
6 years ago @TriPSs I have a feeling that the problem is related to Koa caches the response for requests coming in at the same time. Still looking for the way to check this theory.
TriPSs
commented
6 years ago @kuatro Starting to suspect the same, i added a log that logs the token when processing the request. It logs the token once but the terminal and chrome both get the token.
Do you know if this is also a issue when you access it simultaneously on chrome and firefox?
TriPSs
commented
6 years ago @kuatro small update, i'm working on a project that extracted the source of esc to it's own project and i found out that this application does not have the bug.
So it is probably still something in esc.
kuatro
commented
6 years ago @TriPSs Found the way to prove that the problem isn't in Koa response cache. I've added a random number to the view, and in a moment of cookies mix-up the number was different in a browser and terminal.
Do you know if this is also a issue when you access it simultaneously on chrome and firefox?I asked my friend to help me with this experiments. It's much harder, but we got the cookies mix up several times.
TriPSs
commented
6 years ago @kuatro Could you tell me a little more on how your project uses esc? What rendering type etc.
As i'm not able to reproduce the issue in my own projects and we are in the example, maybe we can pin point it more to a certain configuration and find out what is causing it.
kuatro
commented
6 years ago @TriPSs Actually I used an ejected first version of react-esc to make our internal tool. Some of my coworkers faced the problem, and it took a time to figure out, what is going on 😄.
Then I just used react-esc-example to check if the problem still exists.
PS. Our project is a pretty regular react-redux app, which communicates with RESTful API using Axios. To authorize requests we use a token, which is stored in cookies.
PPS. Hit the wrong button, sorry
TriPSs
commented
6 years ago @kuatro I do the exact same thing with two other projects (they use esc package, they use 4.0 alpa and 3.5) and i can't reproduce it there, i also have one project that ejected the source and that one does also not contain the bug (project is ejected last week).
So i think it can take me a little while to find out why the example project has this problem.
TriPSs
commented
6 years ago @kuatro I found a solution to the problem!
It had to do with react-esc-storage, see this commit for the changes.
Plz reopen the issue if the problem still occurs after you applied these changes!
kuatro
commented
6 years ago @TriPSs Wow, I believe that was a long research. Thank you! I'll the solution a bit later.
Sessions/cookies mix up.
I'm experiencing a nasty tricky bug, and it's pretty hard to explain how to get it:
There is a page which show user's cookies (i.e
Your auth token is: 12345678) Bob has a special cookie namedtoken, which contains his authentication token (12345678). Sally doesn't have any cookies on her browser, so when she requests the page, she don't get any message.But when Bob and Sally makes requests to the page at the same time, there is a chance for Sally to get Bob's credentials (the page will display:
Your auth token is: 12345678)!Steps to reproduce using
react-esc-example:AsyncComponent.jsimport React from 'react' import PropTypes from 'prop-types' import Helmet from 'react-helmet' import { resolve } from 'react-esc-resolver' import Storage from 'react-esc-storage'
class Async extends React.Component { static propTypes = { fetchData: PropTypes.func.isRequired, jsonPlaceholder: PropTypes.object.isRequired, }
showToken () { const token = Storage.get(Storage.COOKIE, 'token')
}
render () { const { jsonPlaceholder } = this.props
} }
export default resolve('jsonPlaceholder', props => props.fetchData().then(action => action.payload))(Async)
document.cookie="token=\"12345678\""
!/bin/bash
for i in {1..20} do curl -v --silent http://localhost:3000/async 2>&1 | grep token: done