You have somewhere wrong caching for Vaadin Certification (page https://vaadin.com/learn/training/v14). I logged and able to download the Vaadin 14 certificate for “Ryan Pang
has fulfilled the requirement as
Certified Vaadin 14 Developer”. After refreshing the page I got the proper “Take Exam” button. For sure, I have no idea who is Ryan Pang. Probably, he is your registered user and I somehow got into his account cache/session.
Hi Mikhail,
thank you much for your report. We are already investigating what is going on and I will ping you back when we have found the issue.
Cheers,
Paul
Hey,
it’s me again. We are still a little confused under which circumstances this issue happens but we secured our endpoints so that users can only download their own certificates.
Investigation is going on…
Cheers,
Paul
Paul,
we secured our endpoints so that users can only download their own certificates.
I just checked, now I am not able to download other’s certificate.
I’d like to help with reproducing, I try to remember what I did:
- I logged in.
- I payed for Plus subscription.
- I assigned the payped subscription to myself.
- I need to re-login because the system did not see that I have a subscription.
- Somewhere here I got this issue.
Ok, back on this issue now. Thanks for the steps and especially that you explicitly logged out and in again (yes, it’s a pain, we are working on it).
What really bugs me are two issues. As you logged out your session was destroyed for sure. So, you ended up with a new session, got the issue but, if I understand correctly, it recovered after reloading the page. But reloading of course keeps your session alive and only kills the current UI…
And the piece of code that enhances the cached model data with the correct links is not cached at all. We normally try to avoid caching as much as possible.
Damn, this really bugs me a lot.
Damn, this really bugs me a lot.
It touches me right in the soul. Let’s think, what could happen. As I have not seen the code, I could imagine:
- Caching above backend should not be an issue. I see proper no-cache headers, CloudFlare do not cache it. Slow page loading also indicates no caches.
- I noticed AWSALB cookie. Could it be an Amazon Load Balancer issue? (I doubt: look further)
One more issue:
(Safari 13.0.4 on macOS High Sierra)
- Clear cookies. Refresh the page.
- Log-in again. The page will be with “Download” button.
- Refresh the page. The page will be with “View exam” button.
- Refresh the page again. The page will be with “Download” button again.
Look at attached screenshot. You can see that I am logged in, I have completed exam, but the system thinks that I did not.
So, probably, it is not related to ALB or your local web servers, but to the backend software part itself. Probably, in some cases the system returns the wrong ID. The steps above are reproducible, and, I hope, it will helps you a bit.
Yep, the other one you describe is known to us already and there is some bigger refactoring in the pipeline already. But we will not deploy it this year anymore 
The problem is that the subscription backend is a little slow to query it on each request and that is why we are caching the result in your session. But then again updating it is still possible under some circumstances during the session. In your screenshot you likely also noticed that your subscription type is not displayed in the profile menu.
But, that is not related to the issue with the invalid download link. This is another story and it is only about querying the DB for your certificates…