The first time it happened, I thought I was crazy and chalked it up to a glitch (i.e. “maybe it’s just showing some weird database ID for me as a user or similar”). But this time, it was pretty clearly another user’s account. The username was SLVRDRGN or something similar, had a completely different profile picture, etc…but when I went to click on the profile section to see if I had access to the account, the browser refreshed and populated with my account info.
Seems a little concerning potentially, so just thought someone should know. I will try to be faster with a screenshot if it happens again.
we’re still unsure what might be causing this, but we’ll be updating to 0.19.9 soon. maybe that’ll fix this issue.
this reply is deeply concerning.
we’re not running any modifications that would impact caching and we don’t have any custom caching logic. we’re only caching what lemmy/lemmy-ui return as cacheable, which suggests that the issue is likely in one of those services, however, i couldn’t find it in either one.
it’s also rare enough that it’s extremely difficult to troubleshoot, as we see people report this maybe once or twice every few months but without any useful information that would allow us to look into this further than trying to find bugs in related code just from the general symptom of seemingly invalid cache.
additionally, the impact of this should be fairly low, as, unless this somehow impacts private messages as well, no data would be returned that isn’t already otherwise public. with this seemingly “just” being a caching issue, there is also no risk at impersonating other users.
nonetheless i agree that this should not be happening in the first place, even if it’s rare and the impact appears limited.
There’s a reason recommendations nowadays are to use other instances than LW. Being the largest instance brings some unique situations.
that has nothing to do with this issue.
Ah then sorry, I misread your other comment about
just seeing it more frequently due to a larger number of users
It happens 10x less often on other instances that have 10x fewer people.
Not that hard to figure out, unless you have an agenda you’re trying to push.
For people reading this and wanting to know more about the agendas Serinus and I are pushing: https://lemmy.dbzer0.com/post/37200740/16522834
Oh, happy cake day!
Sounds like a caching issue. If you were logged in as them, profile would work. Feels like it’s caching personalised sections, which it should not.
I already followed various code paths to try and see where Lemmy might be setting incorrect caching headers without finding anything and nothing in the relevant code seems to have been changed between 0.19.3 and newer 0.19 releases.
I’m still unsure if we’re just seeing it more frequently due to a larger number of users and us also having a “proper” caching setup and in practice it would happen on other instances as well or whether it’s somehow something that others just don’t see due to not being on 0.19.3.
Hmm… I don’t know what would be causing this particular issue on the Cloudflare side, but the fact that lemmy.world shows
@[email protected]instead of usernames when viewed with JS disabled suggests that you should review your Cloudflare configuration… At a minimum you have their email filter enabled when it shouldn’t be; there could be other issues too.why shouldn’t the email filter be enabled?
I have to admit that it doesn’t do much for us, as the support emails we have in sidebars and posts are unfortunately federated to other instances where they’re not getting obfuscated and will be crawled there, but we do have contact emails on the website. I’m currently not aware of any issues caused by that.
It breaks readability of your site without JS. That’s particularly bad for the “old” (mlmym) UI which would otherwise be usable for basic interaction without JS entirely, but I find it annoying every time I end up loading a page from lemmy.world directly – e.g. to check federation.
That’s one of the reasons why I’m on reddthat instead of lemmy.world: old.reddthat.com works without JS.
I have seen this on lemm.ee for the past year. It’s rare but happens
I have not seen it for a while. I have not seen it for about 6 months. You may want to reach out to Sunaurus over at Lemm.ee to see if he has any info about it.
We could maybe open a thread somewhere to try to get additional evidence.
I was thinking about [email protected] , but that would probably get removed as a support question.
Maybe [email protected] ?
I’ve been seeing this for as long as I’ve been using Lemmy, I assumed it was just some known bug in the code.
That’s a recurring bug on LW for some reason
