by definitelyauser
741 days ago

> how could that possibly happen?

Global singleton shared across requests, instead of request scoped.

1. [Client 1/You] Auth/write to variable (failed).
2. [Client 2/ISP] Auth/write to variable (success).
3. Verify what the result was (success)

A race condition combined with a global singleton can easily explain such behavior.

Are you describing some kind of server-side global object that statefully says a session/api key is "authenticated" and will then allow the request during that time frame? That seems like a bug you could drive container ships through. Yes I know saas s/w sucks out there but this would seem to at least be something an audit could easily flag.
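
The three-step interleaving listed in the thread, reproduced deterministically next to a request-scoped version, as an added example that is not part of either comment. The class names, the `gap` hook, and the keys are hypothetical and constructed for illustration.

```python
import threading

VALID_KEYS = {"isp-key"}  # constructed sample credential

class SingletonAuth:
    """Vulnerable shape: one instance serves every request."""
    def __init__(self):
        self.ok = False
    def authorize(self, key, gap):
        self.ok = key in VALID_KEYS   # steps 1/2: write result to shared variable
        gap()                         # window in which another request can run
        return self.ok                # step 3: read back whatever was written last

class RequestScopedAuth:
    """Fixed shape: the result lives in a local, one per request."""
    def authorize(self, key, gap):
        ok = key in VALID_KEYS
        gap()
        return ok

def run_interleaving(auth):
    """Force the order: client 1 writes, client 2 writes, client 1 verifies."""
    c1_wrote, c2_done = threading.Event(), threading.Event()
    results = {}

    def client1():
        def gap():
            c1_wrote.set()            # client 1 has stored its (failed) result
            c2_done.wait(timeout=5)   # hold here until client 2 has finished
        results["client1"] = auth.authorize("wrong-key", gap)

    def client2():
        c1_wrote.wait(timeout=5)      # run only after client 1 has written
        results["client2"] = auth.authorize("isp-key", lambda: None)
        c2_done.set()

    threads = [threading.Thread(target=f) for f in (client1, client2)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results

if __name__ == "__main__":
    print("singleton:     ", run_interleaving(SingletonAuth()))
    print("request scoped:", run_interleaving(RequestScopedAuth()))
```

With the shared instance, client 1 is reported as authenticated despite presenting the wrong key; with the request-scoped version the same interleaving leaves client 1 rejected.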