Earlier today we were notified of an issue where a user briefly saw another user's dashboard after signing in to Kigana.
We immediately took the production environment offline and invalidated our CDN caches while we investigated the report. Our investigation identified the cause as an interaction between a recent authentication library update and our CDN caching configuration.
Under rare circumstances, this interaction could cause a cached page to be served with incorrect session context. We implemented a fix the same day to ensure that authentication-related responses are never cached and that session handling is separated from cached application pages.
At this time we have only one confirmed report of this behavior. The issue was detected shortly after the deployment and addressed quickly.
We have added additional safeguards to our infrastructure to prevent this class of issue from occurring again.
If you have any questions or observed unexpected behavior, please contact us at support@kigana.com.
