[Resolved] Socket UID doesn't match actual UID
-
When trying to do practically anything in the ACP, I get errors like these:
warn: [socket.io] Call to admin method ( admin.plugins.toggleActive ) blocked (accessed by uid 0)
warn: [socket.io] Call to admin method ( admin.analytics.get ) blocked (accessed by uid 0)However, reading to the users page in the ACP, the actual user ID of my admin account is 2. Furthermore, there is no user with UID 0 at all.
The above console warnings seem to be generated by line 43 of /src/socket.io/admin.js.This seems especially dangerous, considering that someone else end up with socket.uid = 2 and can do all the admin stuff it's blocking the actual admin from doing.
I am currently running the latest version of 0.5.x, pulled freshly from GitHub.
UPDATE: I asked @Dielan to test this as well, when he tried to enable a plugin the exact same warning appeared on the console:
warn: [socket.io] Call to admin method ( admin.plugins.toggleActive ) blocked (accessed by uid 0)
Noteworthy is that both of us are apparently UID 0.UPDATE 2: When editing a thread, the edit button is occasionally unresponsive, but more importantly when we try to save the edited thread a popup appears reading "You don't seem to be logged in." Is UID 0 the UID used for guests?
Subforums visible only to staff and the link to the ACP in the header do show up, though.
And no, the problem does not disappear when relogging, hard-refreshing or restarting NodeBB. -
Resolved! Turned out that when setting websockets to use a subdomain in the ACP the cookie domain isn't automatically adjusted accordingly, so the cookie
express.sidwas only available onexample.com, whilest websockets were onsocket.expample.com.Setting
cookie-domainto.example.comin config.json fixes this. -
