Change how we compute the user_id in the session.db. #696
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…version of their GitHub auth token.
|
that sounds like a good plan. |
karlcow
added a commit
that referenced
this pull request
Sep 6, 2015
Change how we compute the user_id in the session.db.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I have a theory that somehow our
user_idcomputation would be off by 1 (or so) resulting in selecting the wrong user. Possibly by restarting the app if a user was logging in? Unsure, but we know this has happened 2 or 3 times in a year. So it's rare, but very very bad.The plan here is to do away with integer ids and use a salted + hashed github access token as the user id, so it's guaranteed to be unique. And if we do have a hidden bug somewhere we'll find out because
441262a70a96g6c84339af1fb96365df485e32aa75b03e7ce7a79dcb76f48f8a590caf9066c342ce5efbbd5f75ae962f61aca0206x23b4aa5b4f0becfb6571b9+ 1 (or something, if my hunch is true) will just explode rather than select the wrong user. And maybe that will allow us to find the bug.r? @karlcow