Webid id1.domain.com can edit profile of id2.domain.com and versa


#1

I just want to confirm that I am running into this issue (*://github.com/solid/solid/issues/153) and it is not a setup error on my part: I am not getting any errors anywhere in any case.

If I’m in the same browser, then I can log in as id1.domain.com and then as id2.domain.com and I see the public /profile/card for id1 even in my id2 browser tab. Also, when I edit it in the context (tab) of id2, I see the changes in id1’s card instead. This was unexpected, of course, since they are separate logins until I read the issue 153…

There are no Bearer Tokens in the request headers (see issue 153 above) since TLS is being used. I think it would be pragmatic to require JWT/OpenID Bearer Tokens to insure atomic sessions within the same browser since there will be many use-cases for multiple WebID-contexts in one browser.

Can anyone confirm this behavior?

– a fan of re-decentralizing the web…


#2

Hi,
Be aware of


I check it every day.
And the Release/v5.0.0 branch
https://github.com/solid/node-solid-server/commits/release/v5.0.0
when there is a commit I clone and run thru my tests


#3

Thanks. OK, I’ve been cloning from “master” and not the newest one at that. I’ll track your branch and let you know.


#4

Oh it’s not mine. I’m attempting to apply solid pods to my other projects too