Sometimes when there are more than one person logged into the system, It's appeared to have an issue: on the profile page, it doesn't show my user but the other's. After I refresh the page, It's back to normal, shows the correct user info.
My program use access-token for authorization so I decided to respond to profile page's request with access-token in order to check if it is the same at the browser. And it turns out that sometimes it is, sometimes it's not. What may cause this problem?
// routes.js
/**
* I include this middleware just in case
* but I don't think It's the cause.
*/
app.use('/login', function(req, res, next) {
if(!req.cookies.Authorization) {
return next();
}
AccessToken.findOne(
{ where: { id: req.cookies.Authorization}},
onFoundAccessToken
);
function onFoundAccessToken(err, access_token) {
if(err || !access_token) {
return next();
}
res.redirect('/app/agenda');
}
});
/**
* profile page route handler
*/
app.get('/app/profile', function(req, res) {
var Session = app.models.Session;
AccessToken.findOne(
{ where: { id: req.cookies.Authorization}},
onFoundAccessToken
);
function onFoundAccessToken(err, accessToken) {
if(err || !accessToken) {
return res
.status(403)
.redirect('/login');
}
accessToken.user(onFoundUser);
}
function onFoundUser(err, user) {
if(err || !user) {
console.log(err || 'no user found');
}
var data = {
scripts: ['profile.js'],
user: user,
/**
* accessToken is returned to client
* in order to check if it's the same
* as the one stored in the cookie at
* the browser
*/
accessToken: req.cookies.Authorization
};
res.render('pages/profile', data);
}
});
