Details
-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 2.5.13
-
Fix Version/s: 2.5.14
-
Component/s: Core
-
Labels:None
Description
If a connection is taken from the persistent connection pool and a COM_CHANGE_USER is sent through it immediately with a different set of credentials, the backend server can potentially reject the authentication if it sends an AuthSwitchRequest packet as a response.
This is caused by the use of the shared data structure across two different requests. As the COM_CHANGE_USER changes the active credentials to something else, the auth token sent as the response to the AuthSwitchRequest is the one in the COM_CHANGE_USER and not the one that was sent by the original COM_CHANGE_USER used to reset the persistent connection. Since the consistency can only be guaranteed for the duration of a single event, the current auth token must be stored for the duration of the COM_CHANGE_USER.