- Due to a session management change (https://gitlab.com/fluidattacks/product/-/commit/1f67cd266283a8846ab8fc84ed761a3b89d2ff33) user cookies were deleted for current session.
- If a user sign-in with an existent session all cookies are deleted and an unauthorized error is propagated through all user sessions. The bug was injected on 2021/01/27 14:31 (EST).
What we’ve done
- Now the cookies are not deleted, only a notification about concurrent sessions. (https://gitlab.com/fluidattacks/product/-/commit/b8600cc80d0b4fd5142a02c7f0d71b564f68bb25)
What the impact was
- Users who tried to log in with existent sessions get unauthorized error.
What we are doing to help
- Check all user sessions to confirm if any user is affected.