Hello everybody,
I recently launch an app and I discover a serious issue that I canāt understand.
I am running my app in cloud run and I have an authentification method that use cookies.
Letās imagine I just started the app and the first user arrive.
When the first user login, st.session_state get 3 keys. connected
, user_id
and user_info
and the user can use the app as normal.
Now if a second user use the app, it will be connected with the first user credentials !
In my code, just after set_page_config
, as the first thing I do in the app, I use the check_authentification
function. Inside first thing first, I check if the key connected
is in session_state
:
def check_authentification():
if 'connected' in st.session_state and st.session_state["connected"]:
log("Already log")
return
log("Not yet log")
if check_cookies():
return
# ... Rest of auth
And when the second user start the app, I only log one āAlready logā. So the issue isnāt coming from the cookies.
I canāt see other explaination than āconnectedā is already in session_state
, yet it is the first thing that the app do, so the key shouldnāt exist. The second user seem to share the session_state
of the first user! I used different pc, browser and account to test and a streamlit user sended me a screenshoot of him connected to my account.
I saw some peoples getting similar issues with the use of cache. I removed all cache and the problem is still here.
Maybe my issue is from the concurency of my cloud run instance, does it need to be at 1? (Not sure what it is, Iām not a web dev or cloud eng)
Anyone have an explaination ? How to prevent session_state
being share?