After update of HDM container a User logs in via LDAP and sees another username in the top right corner

[tuxmea]

sqlite DB:

sqlite> select * from users;
1|FOO|BAR|foo@bar|$2a$12$svvJVM.q4gwYpieurhfghß807z40ghbpiiq74r80gpb|2024-02-01 09:21:06.683785|2024-02-01 09:21:06.683785|admin
2|FOO2|BAR2|FOO2@BAR2||2024-02-01 09:23:11.898160|2024-02-01 09:23:11.898160|regular
3|FOO3|BAR3|FOO3@BAR3||2024-02-02 21:09:12.507811|2024-02-02 21:09:12.507811|regular

User FOO3 logs in and sees account data from user FOO2.

After logout and new log in user FOO3 sees his own account.

Seems to be related to HDM update as no other changes were done.

[oneiros]

There is only one scenario I can think of where this could happen. Is it possible that the update wiped the database?

Even in the case of LDAP users we save user records to the database. And the user session is bound to the database id of the user.

So the following could happen: User FOO3 signs in and gets the database ID 2. An update is installed that wipes the database. FOO2 signs in and gets the database ID 2 in the newly created database. User FOO3's session is still valid, so no new sign-in is necessery. HDM now thinks FOO3 is FOO2.

[tuxmea]

TODO: check with customer if the DB is inside the container or outside of the container.