The first time it happened, I thought I was crazy and chalked it up to a glitch (i.e. “maybe it’s just showing some weird database ID for me as a user or similar”). But this time, it was pretty clearly another user’s account. The username was SLVRDRGN or something similar, had a completely different profile picture, etc…but when I went to click on the profile section to see if I had access to the account, the browser refreshed and populated with my account info.

Seems a little concerning potentially, so just thought someone should know. I will try to be faster with a screenshot if it happens again.

  • @MrKaplanMAEnglish
    124 days ago

    we’re still unsure what might be causing this, but we’ll be updating to 0.19.9 soon. maybe that’ll fix this issue.

      • @MrKaplanMAEnglish
        84 days ago

        we’re not running any modifications that would impact caching and we don’t have any custom caching logic. we’re only caching what lemmy/lemmy-ui return as cacheable, which suggests that the issue is likely in one of those services, however, i couldn’t find it in either one.

        it’s also rare enough that it’s extremely difficult to troubleshoot, as we see people report this maybe once or twice every few months but without any useful information that would allow us to look into this further than trying to find bugs in related code just from the general symptom of seemingly invalid cache.

        additionally, the impact of this should be fairly low, as, unless this somehow impacts private messages as well, no data would be returned that isn’t already otherwise public. with this seemingly “just” being a caching issue, there is also no risk at impersonating other users.

        nonetheless i agree that this should not be happening in the first place, even if it’s rare and the impact appears limited.

      • @[email protected]
        34 days ago

        There’s a reason recommendations nowadays are to use other instances than LW. Being the largest instance brings some unique situations.