Per-OS-User + Per-RSI-Account Session Pinning #122

@ntatschner

Problem

On a shared machine (multi-user Windows install, family gaming PC), the tray can silently inherit a previously-paired session into a different OS user's context. The same problem exists when a user re-links a different RSI account — the tray may continue running under the old session-pinning without prompting for re-auth.

Approach

Bind every active session to the triple (OS user, StarStats account, RSI account). On any change to any of the three, force re-auth or surface a "session changed" prompt.

Prevents:

  • account mix-ups on shared machines
  • silent session inheritance after an RSI re-link
  • one StarStats account capturing another's events when the tray is left running

Acceptance criteria

  • Session pinning triple persisted in the OS keychain alongside the existing cookie
  • Any element of the triple changing triggers a session_changed UI prompt
  • Prompt offers: "re-authenticate" / "sign out" / "this is correct, continue"
  • Audit-log entry on each session-pin transition
  • Multi-user Windows test: switching OS users while tray is running surfaces the prompt
  • RSI re-link test: linking a different RSI handle surfaces the prompt

Risks / Open questions

  • OS user identifier portability — Windows SID vs Linux UID vs macOS uid differ; need a stable cross-platform key
  • False-positive prompts after legitimate password rotations / RSI handle rename
  • Keychain access pattern under fast OS-user switching on Windows (the secure store may briefly be unavailable)
  • Backward-compat: existing devices have no triple stored — first run after upgrade needs a one-time prompt to set it

Original draft notes

Bind every active session to the triple (OS user, StarStats account, RSI account). On any change to any of the three, force re-auth or surface a "session changed" prompt. Prevents account mix-ups on shared machines and silent session inheritance after an RSI re-link.
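The pin check and prompt handling described in this issue, as an added sketch that is not code from the issue or from the StarStats project. The names `SessionPin`, `evaluate`, `resolve`, the `pin_missing` / `pin_ok` event names, the platform-qualified OS-user key format and the rule that "continue" re-pins to the live triple are all assumptions; only `session_changed` and the three prompt options come from the issue text.

```python
from dataclasses import dataclass, fields
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class SessionPin:
    os_user: str            # platform-qualified key (assumed format): "win-sid:..." / "posix-uid:..."
    starstats_account: str
    rsi_account: str

def evaluate(stored: Optional[SessionPin], current: SessionPin) -> dict:
    """Compare the persisted pin with the live triple and decide whether to prompt."""
    if stored is None:  # device upgraded from a build that stored no triple
        return {"event": "pin_missing", "changed": [], "prompt": True}
    changed = [f.name for f in fields(SessionPin)
               if getattr(stored, f.name) != getattr(current, f.name)]
    if changed:
        return {"event": "session_changed", "changed": changed, "prompt": True}
    return {"event": "pin_ok", "changed": [], "prompt": False}

def resolve(verdict: dict, choice: str, stored: Optional[SessionPin],
            current: SessionPin, audit: List[dict]) -> Tuple[Optional[SessionPin], bool]:
    """Apply the prompt choice. Returns (pin to persist, whether the session may keep running)."""
    if choice == "continue":            # "this is correct, continue": re-pin to the live triple
        new_pin, active = current, True
    elif choice in ("re-authenticate", "sign out"):
        new_pin, active = None, False   # drop the pin; a fresh login must set a new one
    else:
        raise ValueError(f"unknown prompt choice: {choice!r}")  # fail closed
    # One audit entry per pin transition; identifiers only, never the cookie itself.
    audit.append({"event": verdict["event"], "changed": verdict["changed"],
                  "choice": choice, "from": stored, "to": new_pin})
    return new_pin, active

# Constructed sample identities (not real SIDs or accounts).
ALICE = SessionPin("win-sid:S-1-5-21-1111111111-2222222222-3333333333-1001",
                   "ss-alice", "AliceRSI")
OTHER_OS_USER = SessionPin("win-sid:S-1-5-21-1111111111-2222222222-3333333333-1002",
                           "ss-alice", "AliceRSI")

if __name__ == "__main__":
    log: List[dict] = []
    verdict = evaluate(ALICE, OTHER_OS_USER)   # OS user switched while tray was running
    print(verdict)
    print(resolve(verdict, "sign out", ALICE, OTHER_OS_USER, log))
    print(log)
```
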


Labels

  • channel/alpha: Targets the alpha release channel (early testing)
  • channel/beta: Targets the beta release channel (pre-release, opted-in users)
  • channel/live: Targets the live release channel (stable, end-user-facing)
  • channel/rc: Targets the rc (release candidate) channel, final stabilization before live
  • surface/tray-whats-new
  • surface/web-roadmap
