Open geoff1207 opened 1 year ago
aschonfeld
commented
1 year ago the different pieces of data are not tied to different logins. Once you log in you have access to any data running from that host/port. Are you spinning up your sessions with different ports?
geoff1207
commented
1 year ago Yes Two python sessions were binded to two different port. Username and password were also different between sessions.
Once login with either one account password. It can access both sessions but changing the port in the url
aschonfeld
commented
1 year ago Are you spinning them up from different processes? The authentication settings are global state. So all it does is a simple verification against the username & password you set in your .ini file or using set_auth_settings.
So essentially if you start a python console, start one D-Tale process w/ one set of credentials, then spin up another D-Tale process from the same console but with different credentials then it should get access to both since the credentials are shared and you essentially overrode them.
In that scenario I'd be interested to see if you logged out of the first session could you still log in with the first set of creds? I would think not
geoff1207
commented
1 year ago I have used two separated Jupiter notebook sessions to create the process with two port binding. I think it should in separate console, because if show the df within the same console, it will bind on the existing port instead of assigning to a new one. Please correct me if I am wrong.
I could try to use log off to check the behavior
geoff1207
commented
1 year ago I have just tested with two separate console to create two different dtale session with different credential.
I copied one of the URL to browser and login with the corresponding credential. And then without log off, change the url to access the another session. It was not required me to input any credential and allow me access the data in the other session.
I suspect browser cookie keep the login status and with any successful login status will allow us to access all dtale sessions even different credential were set
geoff1207
commented
1 year ago I have checked the auth.py
If the browser session variable logged_in and username are set, then it will not redirect to login page. And the browser session status could allow use to access any other dtale session, even credential are different
aschonfeld
commented
1 year ago So unfortunately it looks as if Flask is sharing cookies between tabs in your browser. There doesn't appear to be a solution to this other than implementing a completely different authentication mechanism. As I told someone else I think I might create a way for users to specify their own authentication mechanism because what is there now certainly isn't comprehensive enough.
I had created two separated dtale seesion with different login and password.
After login with one of the session, I could access the other session without providing the corresponding login and password