Scenario:
We have a portal where suppliers can create collections. Each supplier logs in with their credentials, and their user session is used to track and process their actions.
- Supplier B starts creating a collection by sending a request to our CAP service.
- At the same time, Supplier A is making multiple API requests (e.g., fetching data, updating records, etc.).
- When Supplier B completes the creation process, instead of their own user email being assigned, the system mistakenly assigns Supplier A's email to the newly created collection.
This unexpected behavior suggests a race condition where user identity (possibly stored in req.user) is being overwritten or incorrectly managed during concurrent requests.
Question:
- How can we ensure that the correct user identity is maintained throughout each request lifecycle in SAP CAP?
- Could this be related to how session handling or request context is managed in CAP?
Environment:
- SAP CAP: @SAP/cds: ^7
- Database Adapter: @SAP/cds-hana: ^2
- Authentication: @SAP/xssec: ^3, passport: ^0.7.0
- HTTP Client: @SAP-cloud-sdk/http-client: ^3.20.0
- Deployment: SAP BTP Cloud Foundry
Has anyone encountered a similar issue? Any suggestions or insights would be greatly appreciated!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.