Other users are logging into my account even when using their own credentials

I’ve a funny problem first reported here: NOT PERMITTED [Session expired. Logging you out]

The problem is that other users are logging into my account even when using their own user credentials.

e.g. user1 is logged in, user2 logs in on different PC but name and picture shows user 1, including all account access and details. User2 appears as user1 when they’re logged in.

Details:

1. I setup ERPNext and my own user account which I’ve been using since I’ve created additional users, on 2 different occurrences.
2. I did a fresh setup of ERPNext v7
3. Setup on Ubuntu 14.04, using the latest frappe and erpnext (I updated)
4. I’ve imported data (including users and files) into ERPNext from my last setup which I had to erase due to the same problem but more severe issue (please refer to the linked topic).

I’ll appreciate some help on this as my organisations adoption depends on it. No one else has reported this problem as far as I can see.

Update

I realise now that the user logged on is the user that subsequent users who login will see. Don’t know to what point.

The problem doesnt come up on the android app.

Not sure if I could actually help, but curious how you are hosting ERPNext. What kind of server, where?

Hi @Dbone, I’m using Ubuntu 14.04 on AWS.

Update:

I. I’m back to not being able to login at all, as in my original post. I’m starting to think it could have something to do with me adjusting the session settings in Setup => Security.

I login with my PC and just see another user, then I’m automatically logged out of desk with a pop up saying:

Not Permitted

Session expired. Logging you out

You do not have enough permissions to access this resource. Please contact your manager to get access.

II. At this point I can still see my user as I’m back on the website.

III. I can still normally login on my phone without issues.

IV. My browser console shows
a. 1 unreachable code warning - before I switch to desk, or do a fresh login
unreachable code after return statement frappe-web.min.js:67:49 [2 repeats]

b. about 5 lines - between login an being kicked out:

unreachable code after return statement desk.min.js:695:49
unreachable code after return statement desk.min.js:975:187
unreachable code after return statement desk.min.js:695:49
unreachable code after return statement desk.min.js:975:187
unreachable code after return statement desk.min.js:209:703

c. Then 2 afterwards:

The connection to ws://erp.outsourcenow.us/socket.io/?EIO=3&transport=websocket&sid=eBpbXib_2K4u-1PmAAAH was interrupted while the page was loading. libs.min.js:6090:15

unreachable code after return statement desk.min.js:695:49

Clean setup, no data import seems to have solved the issue so far.

It failed again after a week of smooth sailing it failed

This can only happen if you share the user account / or you login from another tab from the same browser.

Please confirm neither is the case.

Neither is the case. It’s server side, even private browser windows, and
new browsers will behave the same.

@adam26d this seems really strange. We use ERPnext all the time our selves and no one has reported it. Can you make a quick screencast or list down the steps that someone can replicate.

Also try this, setup a 5 user trial on erpnext.com and see if you can replicate it.

Thanks for your input Rushabh. I’m changing hosts from AWS for now as recommended by multiple developers.

I’ll retry the 5 user option, though I remember only being able to use 1 user on the erpnext.com trial. Additional users required some sort of package upgrade. Please correct me if I’m wrong.

I intend to keep updating this thread for future reference til this issue is resolved.

I got the same problem too,

I already changed the passwords, and the user1 can see the profile of user 2, and when user 2 want to log on see user 3, its a random.

this is very strange, can someone give me a hint on this.

I’m not quite sure what was causing this but we got it right on our third or fourth setup and it’s never been an issue again. The only thing we changed was migrating from AWS to Digital Ocean, linode is better though.

Try
bench update —reset
bench migrate

If that fails delete your default bench directory then start afresh with

cd ~/
bench init erpnext
bench new-site yoursite
bench —site yoursite install-app erpnext

Thanks for your answer,

but ERPnext is local based on a company, and the IT department has set up a proxy server that allows the user to just browse the web through credentials,
the problem started after this proxy setting.

and other users that their computers have not been configured on the proxy server, they can log in with their credentials and view their profiles as well.

What I did was an exhaustive test with the pc with proxy and non proxy settings and my conclusion is that with the proxy config to surf the web, ERP gets confused and starts to randomize users by login,

i don’t know if Iám right, the IT department doesn’t agree with this conclusion, so maybe might have another solution or idea.

Ah… this reminds me, our very first setup was on the LAN. We had a VM on a windows PC and could access it on the internet via a public IP and that’s the last time we experienced this. The problem with this issue is that its hard to replicate but these common factors are a good point of focus.

Try setting up ERPNext directly on an Ubuntu Server using the og’ guide GitHub - frappe/bench: CLI to manage Multi-tenant deployments for Frappe apps. After which you can migrate your site to the new server and test via the proxy.

I know this doesn’t point to the specific issue but it could be a workaround. Everyone successful around here has learnt to carry a handful of those

Thankyou again.

Try setting up ERPNext directly on an Ubuntu Server using the og’ guide GitHub - frappe/bench: CLI to manage Multi-tenant deployments for Frappe apps. After which you can migrate your site to the new server and test via the proxy.

I will do it

For now they disabled the proxy and it’s working like a charm.

Soon I will install ERPNext directly on Ubunto Server and then migrate to it.

But I will not rest till find a specific solution for this one, I have to know what proxy config mess with in ErpNext on VM

Thankyou for your time @adam26d

UPDATE

Te IT department solved it using a exception on the proxy settings…
and everything works fine now
Bellow the screenshot of wher they put the exception.

I think that’s the solution for this issue for now.

this may help

no_cache = 1 is required in every .py file in the www folder of your app.

and run

bench clear-cache

Hello @rmehta and @adam26d,

I have been experiencing a change in user sessions with another user, even though they never logged into my system or shared their password. This issue has occurred randomly and is not unique to me; others in the company have reported the same problem. We are currently using Frappe/ERPNext 14 in a Docker environment. I am not sure about the exact time when this issue occurs, so I attempted to replicate it locally. However, I was unsuccessful due to my limited knowledge of when it happened.

It would be grateful if someone provide some additional details. So, I can try to trace the issue.

Thanks,
Hardik

Hi team,

I am experiencing the same issue. I am logged in as administrator using my pc, then when another using is login with a different account, suddenly the account logged in to my pc is the other account.

To add context: we are using google login with our own domain.

Thank you.