"My Data" API Uses JSF Session Instead of SPA Auth #11519

@ofahimIQSS

Summary:
When accessing the "My Data" page via the SPA interface, the API sometimes returns data for the previously authenticated JSF user, not the currently logged-in SPA user. This leads to incorrect data being shown in the "My Data" page, including draft datasets that do not belong to the currently authenticated user.

Steps to Reproduce:

  1. Log in via JSF UI as User A.
  2. Create or confirm presence of draft datasets.
  3. Without clearing cookies or ending the JSF session, log in via SPA as User B.
  4. Navigate to the "My Data" page in the SPA.
  5. Observe the datasets listed.

Expected Result:
The page should only display datasets relevant to User B.

Actual Result:
The page displays datasets (e.g., drafts) that belong to User A, due to the API falling back on the JSF session instead of the current SPA context.
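
The scenario in the steps above, reduced to a small model (an added example, not part of the original issue and not Dataverse code). It assumes the SPA sends a bearer token and the JSF login leaves a session cookie; the credential values, user names and function names are hypothetical. It contrasts a resolution order that would produce the reported symptom with one where the explicit credential always wins and a bad token never falls back to the cookie.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data (assumptions for this example only).
SESSIONS = {"jsf-session-A": "userA"}   # cookie left over from the JSF login
TOKENS = {"spa-token-B": "userB"}       # bearer token issued to the SPA login
DRAFTS = {"userA": ["draft-A1"], "userB": ["draft-B1"]}


@dataclass
class Request:
    session_cookie: Optional[str] = None
    bearer_token: Optional[str] = None


class AuthError(Exception):
    """Raised when no valid credential identifies the caller."""


def resolve_user_session_first(req: Request) -> str:
    """Ordering that matches the reported symptom: an ambient session wins."""
    user = SESSIONS.get(req.session_cookie) or TOKENS.get(req.bearer_token)
    if user is None:
        raise AuthError("unauthenticated")
    return user


def resolve_user_explicit_first(req: Request) -> str:
    """Explicit credential wins; the cookie counts only when no token is sent."""
    if req.bearer_token is not None:
        user = TOKENS.get(req.bearer_token)
        if user is None:
            # Do not fall back to the cookie: that would silently switch identity.
            raise AuthError("invalid bearer token")
        return user
    user = SESSIONS.get(req.session_cookie)
    if user is None:
        raise AuthError("unauthenticated")
    return user


def my_data(req: Request, resolver) -> list:
    """Return the drafts of whichever user the resolver picks."""
    return DRAFTS[resolver(req)]
```

A regression test for this issue would send both credentials in one request, as in step 3, and assert that only User B's datasets come back.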

Labels:

  - FY26 Sprint 3 (2025-07-30 - 2025-08-13)
  - Original size: 10
  - SPA (These changes are required for the Dataverse SPA)
  - SPA.Q2.1 (Account Page: My Data Section)
  - SPA.Q3.2025 (Not related to any specific Q3 2025 feature)
  - Size: 10 (A percentage of a sprint. 7 hours.)
  - Type: Bug (a defect)
