
What are the security implications of running optimizelyClient.setUser() on the server-side rendering due to it being a multi-user environment #186

Open
@iamstarkov


When you run client.setUser() on the client it's fine, because the browser is a single-user environment, so you can't share or leak user details when there is just one user.

A server environment is purposefully created to handle a multitude of users at the same time, so one should be very careful not to leak user details in general, or mix different users up. From my understanding, I need to run optimizelyClient.setUser() for Optimizely to make a decision. I worry about a race condition: between my calling setUser for one user and trying to make a decision for that user, there will be a setUser call happening for another user, and all the decisions end up mixed up and broken for both users.
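The interleaving this issue describes, as an added example that is not part of the original issue and is not Optimizely SDK code. `StatefulClient`, `renderShared`, `renderScoped` and the flag key `new_checkout` are hypothetical names, and the sketch assumes a client that keeps the current user as instance state.

```javascript
// Hypothetical stand-in for any client that stores the "current user" on the
// instance. It is NOT the Optimizely SDK; it only models the shared state.
class StatefulClient {
  setUser(user) { this.user = user; }
  // The decision uses whichever user is stored at the moment of the call.
  decide(flag) { return `${flag}:${this.user.id}`; }
}

const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

// Risky on a server: one module-level instance serves every request.
const shared = new StatefulClient();
async function renderShared(user, ioDelayMs) {
  shared.setUser(user);
  await sleep(ioDelayMs); // any await (DB, fetch) lets another request run
  return shared.decide('new_checkout');
}

// Request-scoped state: each render owns its client, so overlapping
// requests cannot overwrite each other's user.
async function renderScoped(user, ioDelayMs) {
  const client = new StatefulClient();
  client.setUser(user);
  await sleep(ioDelayMs);
  return client.decide('new_checkout');
}

// Two constructed requests that overlap in time.
async function simulate(render) {
  const alice = { id: 'alice' };
  const bob = { id: 'bob' };
  const [forAlice, forBob] = await Promise.all([
    render(alice, 20), // alice's handler is still waiting on I/O...
    render(bob, 5),    // ...when bob's setUser overwrites the shared user
  ]);
  return { forAlice, forBob };
}

// Run the shared case, then the scoped case, and print both results.
simulate(renderShared)
  .then((r) => { console.log('shared instance:', r); return simulate(renderScoped); })
  .then((r) => console.log('per-request instance:', r));
```

With the shared instance, the response rendered for alice carries the decision computed for bob; with a per-request instance each response matches its own user.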
