# ๐Ÿงช Session Isolation Testing Guide ## Test Scenario: Verify Per-User Session Isolation This guide will help you test that different users have completely isolated sessions in your IDWeekAgents app. --- ## Prerequisites โœ… App is running at: https://huggingface.co/spaces/John-jero/IDWeekAgents โœ… You have at least 2 test user accounts (from AUTH_CREDENTIALS) โœ… Two browser windows (or one normal + one incognito) --- ## Test Accounts Available Based on your AUTH_CREDENTIALS, use any two different accounts: ``` Format: username:password Example accounts (if you followed the setup): - user1:password1 - user2:password2 - doctor1:pass123 - pharmacist:stewardship ``` --- ## ๐Ÿ”ฌ Test Suite ### TEST 1: Simple Chat Isolation โœจ (Should Work Now!) **Purpose:** Verify that each user has their own chat history in Simple Chat **Steps:** 1. **Browser 1 (User A):** - Go to: https://huggingface.co/spaces/John-jero/IDWeekAgents - Login with first account (e.g., `user1:password1`) - Click on "Simple Chat" tab - Send message: `Hello, I'm User 1!` - You should see the bot's response - Send another message: `This is my private conversation` 2. **Browser 2 (User B):** - Open incognito window or different browser - Go to: https://huggingface.co/spaces/John-jero/IDWeekAgents - Login with second account (e.g., `user2:password2`) - Click on "Simple Chat" tab - **CHECK:** Chat should be EMPTY (you should NOT see User 1's messages) - Send message: `Hello, I'm User 2!` - You should see the bot's response 3. **Verify:** - โœ… Browser 1 should ONLY show User 1's messages - โœ… Browser 2 should ONLY show User 2's messages - โœ… No cross-contamination between users **Expected Result:** โœ… PASS - Each user sees only their own chat history **If it fails:** โš ๏ธ The simple chat isolation didn't work. Check console logs. --- ### TEST 2: Deployed Agent Chat Isolation โœจ (Should Work Now!) **Purpose:** Verify that deployed agent chats are isolated per user **Prerequisites:** You need at least one deployed agent in the app **Steps:** 1. **Browser 1 (User A):** - Go to "Agent Builder" tab - Build a simple agent (or use existing agent) - Deploy it by clicking "Save" - Go to "Chat Panel" tab - Select your agent from dropdown - Chat with it: `Hi, I'm testing User A` 2. **Browser 2 (User B):** - Login as different user - Go to "Chat Panel" tab - **CHECK:** The dropdown should show available agents - Select an agent - **CHECK:** Chat history should be EMPTY (no User A messages) - Chat with it: `Hi, I'm testing User B` 3. **Verify:** - โœ… Each user has separate chat history with the same agent - โœ… User B doesn't see User A's conversation **Expected Result:** โœ… PASS - Agent chats are isolated per user **If it fails:** โš ๏ธ Check if chatpanel_handle is being called correctly --- ### TEST 3: Agent Builder Isolation โš ๏ธ (May Not Work Yet) **Purpose:** Verify that agent building is isolated per user **Steps:** 1. **Browser 1 (User A):** - Go to "Agent Builder" tab - Create an agent: - Name: `User1 Agent` - Mission: `Help User 1 with tasks` - Click "Build Agent" 2. **Browser 2 (User B):** - Login as different user - Go to "Agent Builder" tab - **CHECK:** The builder should be empty or have User B's agents - **CHECK:** "Active Agents" should NOT show "User1 Agent" - Create different agent: - Name: `User2 Agent` - Mission: `Help User 2 with tasks` 3. **Verify:** - โœ… User A sees only their agents - โœ… User B sees only their agents **Expected Result:** โš ๏ธ May FAIL - This feature needs more updates (see guide) --- ### TEST 4: Concurrent User Activity ๐Ÿ”ฅ **Purpose:** Verify users can work simultaneously without interference **Steps:** 1. **Both browsers simultaneously:** - User A: Chat in Simple Chat - User B: Chat in Simple Chat at the same time - Both users send messages back and forth 2. **Verify:** - โœ… Both users can chat simultaneously - โœ… No crashes or errors - โœ… No messages mixed up between users - โœ… Each user's responses are correct and isolated **Expected Result:** โœ… PASS - Concurrent usage works smoothly --- ### TEST 5: Session Persistence **Purpose:** Verify that data persists during the session **Steps:** 1. **Browser 1 (User A):** - Chat in Simple Chat: `Message 1` - Navigate to "Agent Builder" tab - Navigate back to "Simple Chat" tab - **CHECK:** Your chat history should still be there 2. **Refresh the page:** - Refresh the browser (F5) - Login again - Go to "Simple Chat" - **CHECK:** Chat history is cleared (expected - sessions are in-memory) **Expected Result:** - โœ… Session persists during navigation - โœ… Session clears after refresh (expected behavior) --- ### TEST 6: Clear Chat Isolation **Purpose:** Verify that clearing chat only affects the current user **Steps:** 1. **Browser 1 (User A):** - Chat in Simple Chat with several messages 2. **Browser 2 (User B):** - Chat in Simple Chat with several messages 3. **Browser 1 (User A):** - Click "Clear" button (if available) - **CHECK:** Only User A's chat is cleared 4. **Browser 2 (User B):** - **CHECK:** User B's chat is still there (unchanged) **Expected Result:** โœ… PASS - Clear only affects current user --- ## ๐Ÿ“Š Test Results Template Copy and fill this out: ``` ๐Ÿงช SESSION ISOLATION TEST RESULTS Date: ___________ Tester: ___________ [ ] TEST 1: Simple Chat Isolation Status: PASS / FAIL Notes: ___________ [ ] TEST 2: Deployed Agent Chat Isolation Status: PASS / FAIL Notes: ___________ [ ] TEST 3: Agent Builder Isolation Status: PASS / FAIL / SKIPPED Notes: ___________ [ ] TEST 4: Concurrent User Activity Status: PASS / FAIL Notes: ___________ [ ] TEST 5: Session Persistence Status: PASS / FAIL Notes: ___________ [ ] TEST 6: Clear Chat Isolation Status: PASS / FAIL Notes: ___________ Overall Status: ___________ Issues Found: ___________ ``` --- ## ๐Ÿ› Troubleshooting ### Issue: Both users see the same chat **Cause:** Session isolation not working **Solution:** 1. Check browser console for errors 2. Verify AUTH_CREDENTIALS is set in HF Spaces 3. Check that you're using DIFFERENT user accounts ### Issue: "request has no attribute username" **Cause:** Authentication not enabled or user not logged in **Solution:** 1. Ensure you're logged in with valid credentials 2. Check AUTH_CREDENTIALS secret in HF Spaces settings ### Issue: App crashes with multiple users **Cause:** Race condition or thread safety issue **Solution:** 1. Check server logs in HF Spaces 2. Report the error stack trace --- ## ๐Ÿ“ˆ What to Expect ### โœ… SHOULD WORK (Implemented): - Simple Chat isolation - Deployed Agent Chat isolation - Concurrent user access - Thread-safe operations ### โš ๏ธ MAY NOT WORK YET (Needs more updates): - Agent Builder isolation - Patient data isolation - Other advanced features --- ## ๐ŸŽฏ Success Criteria **Minimum Requirements:** - โœ… TEST 1 (Simple Chat): MUST PASS - โœ… TEST 2 (Agent Chat): MUST PASS - โœ… TEST 4 (Concurrent): MUST PASS **Nice to Have:** - โœ… TEST 3, 5, 6: Would be great but may need more work --- ## ๐Ÿ“ Quick Test Script **Super Quick 2-Minute Test:** 1. Open app in 2 browsers 2. Login as user1 in browser 1 3. Login as user2 in browser 2 4. Both go to "Simple Chat" 5. Both send: "Hello from [username]" 6. Each should see ONLY their own message **If this works:** โœ… Session isolation is working! **If this fails:** โŒ Need to debug --- ## ๐Ÿ†˜ Need Help? If tests fail or you see issues: 1. **Check console logs:** - Open browser DevTools (F12) - Look for errors in Console tab 2. **Check HF Spaces logs:** - Go to your space page - Click "Logs" tab - Look for Python errors 3. **Verify setup:** - AUTH_CREDENTIALS secret is set - Using different user accounts - Both logged in successfully --- ## ๐ŸŽ‰ Expected Outcome After running these tests: - You'll know exactly what's working - You'll know what still needs work - You'll have concrete examples for debugging **Goal:** Tests 1, 2, and 4 should PASS โœ… --- Ready to test? Start with the Quick Test Script above! ๐Ÿš€