Spyke
feddit.uk

Would using Rust have prevented this issue?

13
lemmy.today

Lol, but no. Essentially, somebody accidentally logged the ID for an actively logged-in user (not the user ID) when an error happens. Surprising they even released a thing about this.

4
DWin
feddit.uk

Yeah, I wonder why any developer thought logging the session cookie itself was a good idea. I guess they could decode it and figure out which user was having an issue? Still bizarre.

1
Miaou
jlai.lu

Probably some automatic serialization that included the field. Someone forgot a #[serde(skip)]!

2

Yeah, I reflected on that after I posted it. Maybe it just dumped all the headers to the logs.

2
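The two failure modes guessed at in this thread (a derived serializer or formatter that includes the session field, and a wholesale header dump) look like this in std-only Rust. This is an added example, not part of the thread and not crates.io's code; `Redacted`, `LeakyRequest`, `SafeRequest`, `headers_for_log` and the sample values are hypothetical, and `Debug` stands in for the serde derive mentioned above.

```rust
use std::fmt;

// Hypothetical wrapper (not from crates.io): holds a secret but never prints it.
pub struct Redacted(String);

impl Redacted {
    pub fn new(value: &str) -> Self { Redacted(value.to_string()) }
    // Explicit accessor so every use of the raw value is easy to find in review.
    pub fn expose(&self) -> &str { &self.0 }
}

impl fmt::Debug for Redacted {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("[REDACTED]")
    }
}

// Derived Debug prints every field, which is how a token lands in an error log.
#[derive(Debug)]
pub struct LeakyRequest { pub path: String, pub session: String }

// Same shape, but the derive now goes through Redacted's Debug impl.
#[derive(Debug)]
pub struct SafeRequest { pub path: String, pub session: Redacted }

// Header names whose values must not reach logs (constructed list).
const SENSITIVE: [&str; 3] = ["cookie", "set-cookie", "authorization"];

// Render headers for a log line, masking credential-bearing values.
pub fn headers_for_log(headers: &[(&str, &str)]) -> String {
    headers.iter()
        .map(|(name, value)| {
            if SENSITIVE.contains(&name.to_ascii_lowercase().as_str()) {
                format!("{name}: [REDACTED]")
            } else {
                format!("{name}: {value}")
            }
        })
        .collect::<Vec<_>>()
        .join("; ")
}

fn main() {
    let token = "constructed-session-token"; // constructed sample value
    println!("{:?}", LeakyRequest { path: "/me".into(), session: token.into() });
    println!("{:?}", SafeRequest { path: "/me".into(), session: Redacted::new(token) });
    println!("{}", headers_for_log(&[("Host", "example.test"), ("Cookie", token)]));
}
```

Putting the redaction in the type means a later `#[derive(Debug)]` on any struct that contains the token stays safe without anyone remembering a per-field attribute.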


crates.io security incident: improperly stored session cookies | Spyke