Sadly we were not able to pinpoint the cause of the issue. Only thing I can intuitively point to is that we were hosting ERPNext on a local network.
For future posters on this thread, including you @kptdaaron, please mention your hosting/network as well, and whether there’s something unusual about it.
Overtime a trend should appear and bring us closer to the issue. I’d also like to look at the logs in bench/sites/<site-name>/logs
We have also experienced this. My user had never been logged in on the device, yet when the other user opened ERPNext (As a PWA on Windows 11), they were logged into my account with full access to the account.
We are using LDAP authentication.
ERPNext: v15.54.4 (version-15)
Frappe Framework: v15.58.1 (version-15)
Frappe HR: v16.0.0-dev (develop)
Someone else mentioned a very similar problem recently:
Given the sensitivity of some of the data stored in ERPNext (think employee personal data), this issue should be investigated urgently. Does anyone know if the developers are aware and if so, looking into this? What can we do to help?
my guess is that it might have something to do with cookies. i never got to the bottom of it though.
fortunately (for me), haven’t had this problem since. its a problem when we dont know how to reproduce an issue on demand.