Mattermost, Inc.

Users logging into another users account

I have deployed mattermost-docker in AWS EC2 instance. I am able to access mattermost through my browser.

I have created an account as admin. And Invited few test users to check the messaging and all.

But when the test users created accounts. If I refresh my page I am logging into another users account. I do not know what to do, I have followed the steps mentioned in “Production Docker Deployment” from mattermost docs.

I want to solve this please help me through this.
Thank you.

Thanks @karthik018 for trying out Mattermost!

Are test accounts created with email/password login? How do you know you are logging into another user’s account instead of the admin account?

Thank you @jasonblais for replying.
Yes test accounts are created using email and password.

Yeah, In the teams page at the top-left it shows the user who logged in right? There when I refresh page I see the another persons name also I am able to change that persons account information like profile_picture.

When other users are not logged in, It works fine. But when another user logged in then when I refresh the page I am logging in as that person. These are the screen shots before and after refreshing.

Hmm, that is odd, I’m trying to think what might cause that. Thanks @karthik018 for reporting.

Are you and other users potentially sharing a workspace?

Yes @jasonblais we are sharing same workspace.

@jasonblais The log error message I am getting when I am facing this issue is:
{“level”:“warn”,“ts”:1577789123.4922574,“caller”:“app/channel.go:1944”,“msg”:“Failed to get membership”,“error”:“SqlChannelStore.GetMember: No channel member found for that user ID and channel ID, channel_id=jr3x8x8adp85f8otuutbmh4zfcuser_id=z8ntw36xmjbiuduy5whpfca76a,sql: no rows in result set”}

In which cases this error results.

It may be a caching issue locally, since you’re sharing the same workspace. Are you and other team members using the same browser?

Yes @jasonblais we are using the same browser. But I could not understand your reason.

Hi @karthik018, if two users log in on the same browser, then you will have access to both accounts.

Propose after using your account to log out (via Main Menu attached below) - this ensures other users on the same browser cannot access your account.

Let me know if this helps?

1 Like

Thank you for replying.
@jasonblais we are using same browser but not the same system. The other user using his/her own system to login. I used my system to login. But I am getting logged in as other user when I refresh the page in my system and the other user also facing the same problem in his system.

We are also experiencing similar issues where someone is signed in to their Mattermost, but will show up as another user when chatting with someone else. Today we had a user who had Private Channels list that belonged to another user because it knows he was not apart of any of those private channels and his private channels were gone. Doing a refresh resolved issue, but this is not good. We are utilizing Mattermost that is built in to Gitlab using Gitlab login as access to Mattermost. How does mattermost sessions identify back to individual users.

@jgude It may be a caching issue locally if you’re sharing the same workspace. Are you and other team members using the same browser?

All of our users have there own systems that are not shared with any other users. This is not a local caching issue. The last issue we had with one of our remote users on their home network was showing up as another user on-site. It seems multiple people have been reporting this. This is very concerning especially if other users are able to see someone elses private channels and communication.

Also to note this is our production and has over 200 users connected.

  • What are you running Mattermost on, e.g. HA/no, proxy config, etc.? Are there multiple servers?
  • How long has this issue existed?
  • What server version are you on?

Hi Amy,
We are running the opensource MM that is turned on via Gitlab CE. Gitlab Mattermost version 5.15.2. Our Gitlab is hosted in docker container behind a reverse nginx proxy.