Problems with sessions

Description of the bug:

There seem to be some problems with sessions.

Category/Feature it belongs to: Login

Detailed Steps to Reproduce:

  • Login via discord → Onboarding Starts
  • Cancel the onboarding
  • Press back button
  • The /login page doesn’t maintain the logged-in session
  • When trying to re-login from another browser via Discord, the system doesn’t log in and I get this error

Thanks for the find! This is indeed a bug and we are working on it. Will update this thread once this issue has been fixed. This bug has been marked under the UI category and you will be rewarded.

Please check DMs regarding prize money, rewards will be processed at the end of the bug bounty campaign! :partying_face:

Thank you :bowing_man:
Wondering why this is classified as *just* a UI bug :thinking:
Am I mistaken on the session handling?

Notice when I try to login from another browser, I get a Duplicate token found error.

When clicking back, if one goes out of the arcana domain the session storage is cleared. When this happens the user will no longer be logged in. This is the behaviour we want and is expected.

The UI reward was given because this post helped uncover an issue with which page we were returning to when going back after successfully logging into the dashboard.

Hope that helps clarify things!

Makes sense, but I didn’t go out of the arcana domain in this case.

Let me explain:

  • I logged in to the app via Safari (edit: mistyped chrome earlier)
  • I landed on the onboarding page and I pressed the back button → This lands me on arcana’s login page.
  • I couldn’t login again via discord for some reason.
  • I opened Chrome and I tried to login with Discord.
  • I got the above screenshotted error. (Which mentions Duplicate token, which probably denotes session storage wasn’t cleared?)

So we use the token given by Discord OAuth login to query multiple servers to fetch shares of the user key using a commit-reveal scheme. Even on multiple logins, Discord returns the same token for the next 30 mins, which can’t be used again as that token has already been used to fetch key shares (this is to prevent any malicious server from being able to query your key shares from other servers). That’s the duplicate token error that you see. This is expected for Discord login for now.

1 Like
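
The duplicate-token rejection described in the reply above, as an added sketch that is not part of the thread and not Arcana's code: `ShareNode`, `fetch_shares` and the sample token are hypothetical, and validation of the token against Discord is omitted.

```python
import hashlib


class DuplicateTokenError(Exception):
    """Raised when a token hash has already been committed to this node."""


class ShareNode:
    """Toy key-share server (hypothetical; not Arcana's implementation)."""

    def __init__(self, share):
        self._share = share
        self._commitments = {}  # sha256(token) -> requester that committed first

    def commit(self, token_hash, requester):
        # Phase 1: only the hash is sent, so the node learns nothing reusable.
        if token_hash in self._commitments:
            raise DuplicateTokenError("Duplicate token found")
        self._commitments[token_hash] = requester

    def reveal(self, token, requester):
        # Phase 2: the token is accepted only from whoever committed to it first.
        token_hash = hashlib.sha256(token.encode()).hexdigest()
        if self._commitments.get(token_hash) != requester:
            raise PermissionError("no matching commitment for this requester")
        return self._share


def fetch_shares(nodes, token, requester):
    """Commit to every node before revealing the token to any of them."""
    token_hash = hashlib.sha256(token.encode()).hexdigest()
    for node in nodes:
        node.commit(token_hash, requester)
    return [node.reveal(token, requester) for node in nodes]


def demo():
    nodes = [ShareNode(f"share{i}") for i in range(3)]
    token = "constructed-oauth-token"  # sample value, not a real Discord token
    shares = fetch_shares(nodes, token, "client-A")
    outcomes = []
    # Replay by a node that saw the token, then a second-browser login reusing it.
    for requester in ("node0-acting-as-client", "client-A-second-browser"):
        try:
            fetch_shares(nodes, token, requester)
            outcomes.append("shares released")
        except DuplicateTokenError as exc:
            outcomes.append(str(exc))
    return shares, outcomes
```

Both the replay and the legitimate second login are refused for the same reason, which is why the error appears in a fresh browser even though no session state is shared with it.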

That makes sense, thanks for explaining

1 Like

Looks like there are some problems around sessions - Login sessions not stored properly on dashboard.arcana.network

Hi giri! Updating the bounty from UI to Low category. Please check DM regarding this as well!