I encountered a problem when registering new users with my application. The behavior looks like a design, but I donβt understand why.
My problem is this (and I know this is the case bit):
- A user views the login page of my site on two separate tabs in the same browser.
- On the first tab, the user logs in and is redirected correctly to my home page.
- In the second tab, the user follows my registration logic (which does not require any page refresh, all this is done with client-side code, which ends with sending the JQuery AJAX POST to the registration point in the ServiceStack RegistrationService)
Instead of creating a new user, the second user information overwrites the registered UserAuth user record, and the first user can no longer log in.
Looking at the code in ServiceStack.ServiceInterface.Auth.RegistrationService, this behavior looks 100% intentional:
var session = this.GetSession(); var newUserAuth = ToUserAuth(request); var existingUser = UserAuthRepo.GetUserAuth(session, null); var registerNewUser = existingUser == null; var user = registerNewUser ? this.UserAuthRepo.CreateUserAuth(newUserAuth, request.Password) : this.UserAuthRepo.UpdateUserAuth(existingUser, newUserAuth, request.Password);
As soon as the first user is registered, the session cookie for this user is sent with a registration request, forcing the existingUser variable in the above code to populate UserAuth for this user, which is then updated by the registered user for details.
Can someone explain why the code was written this way? And is there any way around this without replacing the RegistrationService with my own implementation?
source share