Session state shared between different users

Hello, I have an app deployed as a Docker container in AWS with nginx as reverse proxy. I am encountering a strange behaviour of the app that suddenly appears: different users using the app are sharing the same session_state. If anyone could provide hints on how to address this issue, it would be really appreciated!

1 Like

Can you share your code and give more context on what you are expecting vs. experiencing? Session state is certainly not supposed to be shared between users. Are you using any caching that might need to be configured differently, maybe? 🙂

1 Like

I appreciate your input. I have indeed implemented caching using both cache_resource for functions and cache_data for uploaded files. However, I have encountered an issue where I was seeing cached data from other users. To address this, I have implemented a temporary workaround by clearing the cache on each rerun. Although this solution ensures data privacy, it does slow down the application and prevents me from fully utilizing the benefits of caching.

For more context on the app, it is available at www.microbioma16s.it and the code is available at the GitHub repository at microbiome/italiano.py at main · cami3/microbiome · GitHub. Thank you for any support!

1 Like

You can store data in session_state instead of using st.cache_xxx.

1 Like

Thank you for your assistance! In the code I use both st.session_state and st.cache_xxx, and when I open different tabs in the same or different browsers I have noticed some unexpected, strange crosstalk of session_state. I implemented cache clearing, so it seems that session_state is shared among tabs. I would highly appreciate any hint.

1 Like

st.session_state is shared among sessions but its items / attributes are not. So st.session_state is the same object in all sessions, but st.session_state.key or st.session_state["key"] may or may not exist on each session and it is a different object when it does.

1 Like

Thank you for the clear explanation. I tried not to use caching at all but only st.session_state.key, and the weird behaviour of seeing other users' data stopped. Then, I also tried replacing st.cache_xxx with the deprecated st.cache, and again the crosstalk among users' data stopped. Is it somehow possible that caching using st.cache_resource or st.cache_data gives rise to crosstalk of data among users? Thank you for your assistance!

1 Like

If you cache some data in one session and any user in any session has that cached function with the same parameters, they will see that cached data created from that first session.

If you write something to st.session_state.data in one session, that same information will not be accessible in another session. The other session will have some other object in st.session_state.data or possibly none at all.

Generally speaking, don’t cache things that you want to keep private to a specific user/session. (You can certainly pass in some kind of user id as a parameter to a cached function if you want to prevent other users from accessing the cached info, but it does start to create extra details to handle if you cache something you want to be tied to a particular session.)

1 Like
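
The behaviour described in the answer above, as an added example that is not part of the original thread and is not Streamlit's own code: a standard-library model in which the cache is one process-wide dict keyed on function name and arguments, while each session has its own state. All names (`shared_cache`, `Session`, `analyse`, `analyse_scoped`) and the sample uploads are constructed for illustration.

```python
import functools
import hashlib

_CACHE = {}     # process-wide: every session on the server hits this one dict
CURRENT = None  # hypothetical stand-in for "the session whose script run is executing"

def shared_cache(func):
    """Memoise on (function name, args); the caller's session is not in the key."""
    @functools.wraps(func)
    def wrapper(*args):
        key = (func.__name__, args)
        if key not in _CACHE:
            _CACHE[key] = func(*args)
        return _CACHE[key]
    return wrapper

class Session:
    """One browser tab: its own id and its own state dict."""
    def __init__(self, session_id, upload):
        self.id = session_id
        self.state = {"upload": upload}

def summarise(data):
    return f"{len(data)} bytes, sha256 {hashlib.sha256(data).hexdigest()[:8]}"

@shared_cache
def analyse(filename):
    # Weak shape: the per-user data is read from ambient session state,
    # so the cache key (filename only) is identical for every user.
    return summarise(CURRENT.state["upload"])

@shared_cache
def analyse_scoped(session_id, upload):
    # Scoped shape: session id and the data itself are parameters, so they are in the key.
    return summarise(upload)

def run(session, filename, scoped):
    global CURRENT
    CURRENT = session
    if scoped:
        return analyse_scoped(session.id, session.state["upload"])
    return analyse(filename)

# Constructed sample uploads: two users, same file name, different content.
ALICE = Session("alice", b"sample,count\nA1,10\n")
BOB = Session("bob", b"sample,count\nB7,9999\n")

def demo():
    _CACHE.clear()
    return {"alice_shared": run(ALICE, "samples.csv", False),
            "bob_shared": run(BOB, "samples.csv", False),
            "alice_scoped": run(ALICE, "samples.csv", True),
            "bob_scoped": run(BOB, "samples.csv", True)}
```

In `demo()`, `bob_shared` is the summary of Alice's upload because both calls produce the same cache key; the scoped variant returns each session's own result.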

There is no crosstalk. Calling the same cached function with the same parameters will always return (maybe a copy of) the same object, regardless of the session.

1 Like

In that case: what would be the best place to store an access token?

1 Like

If you have an access token you are using in your app for all users, use Secrets Management. If you ask users to provide their own API key to use during their session but not be available to other users, you’d use Session State.

1 Like

Hi, we have encountered the same issue. We are not storing session variables into cache anywhere. We do however use cache, albeit for a different function, which has nothing to do with state variables. We are using a list variable stored into session state which is used by the app for every user. This list is dynamically changed by user interaction. However, what has become interesting is that when one of the users changes the list on their PC, another user logged into another PC is able to see the updated list from the first user.

1 Like

Hello everybody! Sorry for returning to this after a long time. I wanted to add some information, even if I finally stopped developing the above-mentioned app, just in case the same issue happens to somebody else.
In my case, each user called cached functions with their specific uploaded data as a parameter, which was stored in session_state.key. For each session I tested on different tabs of the browser and different browsers, I uploaded different data. Nevertheless, the cached functions (using cache_resource) returned results about another session's uploaded data, instead of rerunning with the uploaded data stored in the specific session_state.key. When using st.cache instead of st.cache_resource this behaviour stopped.
Have a great day!

1 Like