Hi everyone,
Today around 10:30am (PST), I implemented some caching for this forum. The intent was to cache guest user visits to minimize slowness or downtime for logged-in users in case there was a spike of visits.
Unfortunately, around 1:30pm I was informed that a user was logged in as another user.
That’s a form of session hijack, in this case accidental, where they have temporary control over another user’s account. Incorrectly configured caching can cause this and did in this case.
To address this, I reverted the change I made and logged everyone out.
Before I put any changes out to production, they will go through a 2-step process of testing locally and then on a staging instance where I try to detect problems.
This one slipped through, sorry!
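
Added example, not part of the original post and not this forum's actual configuration: a small simulation of how a page cache keyed only on the URL can hand one user's logged-in response, session cookie included, to the next visitor, beside a guest-only policy that avoids it. The cookie name `session`, the stand-in backend and the session id are constructed assumptions.

```python
# Constructed simulation; cookie name "session" and the backend are hypothetical.
from dataclasses import dataclass, field

@dataclass
class Response:
    body: str
    headers: dict = field(default_factory=dict)

SESSIONS = {}  # session id -> username (stand-in for a forum's session store)

def backend(path, cookies):
    """Stand-in origin: renders per-user pages and refreshes the session cookie."""
    user = SESSIONS.get(cookies.get("session"))
    if user is None:
        return Response(f"{path}: welcome, guest")
    return Response(f"{path}: logged in as {user}",
                    {"Set-Cookie": f"session={cookies['session']}"})

def cache_everything(cookies, resp):
    return True  # misconfiguration: key is the URL only, nothing is excluded

def cache_guests_only(cookies, resp):
    # Store only responses that belong to no one: no session on the request,
    # no cookie being issued, and no explicit opt-out from the origin.
    cc = resp.headers.get("Cache-Control", "")
    return ("session" not in cookies and "Set-Cookie" not in resp.headers
            and "private" not in cc and "no-store" not in cc)

class PageCache:
    def __init__(self, may_store):
        self.may_store, self.store = may_store, {}

    def get(self, path, cookies):
        # Serve from cache only to requests that could have populated it.
        if path in self.store and self.may_store(cookies, self.store[path]):
            return self.store[path]
        resp = backend(path, cookies)
        if self.may_store(cookies, resp):
            self.store[path] = resp
        return resp

def replay(policy):
    """Logged-in user visits first, then a guest requests the same URL."""
    SESSIONS["abc123"] = "alice"  # constructed session id
    cache = PageCache(policy)
    cache.get("/latest", {"session": "abc123"})
    return cache.get("/latest", {})
```

Replaying the same two requests against a staging cache and checking that the second response carries neither another user's name nor a `Set-Cookie` header is a quick regression check for this class of mistake.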