New Bug Encountered: Failure of security filters - confused login identity

Appear to have uncovered a possible bug. For demonstration purposes I login to an application using a personal gmail account. At first everything works fine. Then at some point (possibly after a sync) the security filters fail and I start seeing products and documents that should only be seen under my work email login.

This is during a single session using Chrome as the browser.

It may have something to do with Chrome thinking I am using my work email persona, while logged in under a different email when using the AppSheet app. AppSheet may be getting confused and hence the failure of the security-filters (mid-session), showing me the wrong products and documents. The quick-fix is to log-out and log-back in, but this only lasts a while.

Suggestion from AppSheet is to clear the cache of the Chrome Browser. But does that need to occur every time I login as someone else?

Has anyone else experienced this problem?

Chrome specifics are in screen-shot below.
Screenshot 2021-04-21 at 16.41.35

Machine is an Apple MacBook Pro
Screenshot 2021-04-21 at 16.43.42

Thank you in advance

Yep.

Pretty much.

1 Like

Many thanks @Steve for confirming my suspicions. Surely if you are authenticated as a specific user when starting the application, AppSheet should not start treating you as a different user mid-way through the session.

Isn’t this a security breach?

The applications built are multi-tenanted and this appears to run the risk of displaying someone else’s data (controlled by the security filters) if they happen to use the same device (e.g. hot-desking at a PC).

That cannot be correct?

The app just uses whatever identity Chrome provides.

“Hot-desking” is the bigger security threat.

1 Like