Description
What problem did you meet?
I noticed that many issues in this repository revolve around the authentication process. I've also tried the workflow, where the core methods are handleSignInCallback and signIn. This flow works fine in single-user scenarios, but it easily breaks in multi-user concurrent authentication scenarios.
For example:
1. User A triggers the signIn method and is in the middle of the registration/login process. The signInSession is already set to User A's session.
2. Meanwhile, User B also initiates the signIn process. Due to the lack of resource protection mechanisms, the signInSession gets overwritten with User B's info.
3. When User A proceeds to the callback phase and triggers handleSignInCallback, this results in a "Sign-in session not found" error.
I really like the Logto project, but I see that this repository hasn’t been updated for a while. I wonder if there’s anyone following up to address this issue—it’s extremely important.
Describe what you'd like Logto to have
Concurrent multi-user support for the sign-in process
or
In my opinion, the backend doesn’t need to store any so-called session information at all. Performing validation in this way only forces the backend to retain too much invalid/redundant data. Instead, it would be much simpler to directly retrieve the token based on the state, code, and other callback parameters.
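As an added illustration (not code from the Logto SDK or from the author of this issue), here is a Python sketch of the race the issue describes and of the state-keyed storage it asks for: a single shared sign-in session slot, beside a store that keeps one entry per flow under the random `state` that rides through the authorization URL and comes back on the callback. The class and function names, the `SESSION_TTL` value and the sample redirect URI are assumptions made for the example; the token exchange itself is omitted.

```python
import secrets, threading, time
SESSION_TTL = 600  # seconds a pending sign-in stays valid (assumed value)

class SingleSlotStore:  # models the failure in the issue: one slot for every user
    def __init__(self):
        self.session = None
    def put(self, state, session):
        self.session = session  # a second sign-in silently overwrites the first
    def pop(self, state):
        s = self.session
        if s is None or s["state"] != state:
            return None
        self.session = None
        return s

class StateKeyedStore:  # hardened: one entry per flow, keyed by the random state
    def __init__(self):
        self._lock, self._sessions = threading.Lock(), {}
    def put(self, state, session):
        with self._lock:
            self._sessions[state] = session
    def pop(self, state):
        with self._lock:  # pop() makes it single use: a replayed callback finds nothing
            s = self._sessions.pop(state, None)
        return None if s is None or time.time() - s["created_at"] > SESSION_TTL else s

def sign_in(store, redirect_uri):
    """Start a flow; `state` goes into the authorization URL and returns on the callback."""
    state = secrets.token_urlsafe(32)
    store.put(store and state, {"state": state, "code_verifier": secrets.token_urlsafe(48),
                                "redirect_uri": redirect_uri, "created_at": time.time()})
    return state

def handle_sign_in_callback(store, state, code):
    """Resolve the pending flow by the returned `state`, then build the token request."""
    session = store.pop(state)
    if session is None:
        raise LookupError("Sign-in session not found")
    return {"code": code, "code_verifier": session["code_verifier"],
            "redirect_uri": session["redirect_uri"]}

def callback_ok(store, state, code):
    try:
        return bool(handle_sign_in_callback(store, state, code))
    except LookupError:
        return False

def run_two_users(store):
    """A starts, B starts, then each returns with its own state: (A ok, B ok)."""
    states = [sign_in(store, "https://app.example/callback") for _ in "AB"]
    return tuple(callback_ok(store, s, f"code-{i}") for i, s in enumerate(states))
```

With the shared slot, user A's callback fails with "Sign-in session not found" while B's succeeds; with the state-keyed store both succeed, and because `pop` consumes the entry a replayed callback for the same `state` is rejected.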