Redash version: 2.0.0+b2990
We found very strange issue.
- Login with admin privileges;
- Goto user list;
- Edit name or email of different user (not self);
- All authorized users from your IP will be logged under the credentials of changed user!
What we tried to fix:
- Logout / login;
- Change REDASH_COOKIE_SECRET to invalidate cookies;
- Flush redis;
- Restart workers/server.
Nothing helps!! Everybody still login under the changed user.
But if you change IP you can login normally.
I guess that there is a problem with sessions. But I can’t understand where user session data is store.
How we can fix this?
P.S. To test this bug you can use two browsers on one PC.