Zoho users beware. There appears to be a nasty bug whereby a user logs in with their own credentials, but finds themselves logged into another user's account. I have the last couple of weeks experienced that I get logged on into another account that I do not know! I can see the other account documents. Just a few minutes ago I …
Premise = argument
Premises = land/buildings etc.
I'm a pedant I admit it.
Under high load, we had a very rare race condition in a common underlying framework that caused this. Before we detected and applied a fix, our logs indicate that it impacted about 12 users.
We immediately took down the servers immediately when we detected the issue and we put in a patch. Our engineering teams are currently working on it round the clock monitoring to ensure that it will not recur.
We understand that our entire business is based on the user’s trust, and we are taking it very seriously.
A race condition indicates to me temp files... which seems to be the wrong way to handle this... WTF are they thinking? Or am I not as smart as I think I am?
session id precision?
i was working at a major uk retail bank when they first rolled out internet banking. An element of the session id was a time stamp and because the precision was too low, if two users logged on at more or less the same time they got the same session and saw the other's details. I think the incident actually made news at 10. Oh how we laughed!
> Before we detected and applied a fix, our logs indicate that it impacted about 12 users.
Not to be flippant, but that's mighty good logging you have there if it actually can be used to diagnose state that is not meant to be reached in the first place.