Skip to content

Codex cached WebSocket can retain the previous account after credentials change #6513

Description

@robinbraemer

What happened?

The OpenAI-Codex cached WebSocket is keyed only by Pi session ID. If request credentials change from account A to B within the same Pi session, Pi can reuse A's authenticated socket and A's previous_response_id instead of opening a B handshake. This can route the nominal B request through A.

The behavior is present in 0.80.6 and current main (4c1861033b63a04563547ccdb5ed2bf31d4fdcd3). It reproduces without extensions and without contacting OpenAI.

Steps to reproduce

  1. Stub WebSocket with an in-process fake that records only a synthetic account claim from handshake headers and emits synthetic response IDs.
  2. Send a cached-WebSocket request with one synthetic Pi session ID and synthetic account A.
  3. Extend the context and send a second request with the same session ID and synthetic account B.
  4. Observe one handshake owned by A and A's response ID in the second request's previous_response_id.

A permanent regression can assert that A to B creates a new handshake and sends full context without A's prior response ID. Same-account requests and same-account token refresh should continue reusing the socket.

Expected behavior

Cached Codex WebSockets should be reused only when the normalized endpoint and account claim match the connection handshake owner. A real owner change should retire the old connection and continuation before opening a fresh handshake.

Version

0.80.6 (v0.80.6, 2b3fda9921b5590f285165287bd442a25817f17b) and current main (4c1861033b63a04563547ccdb5ed2bf31d4fdcd3).

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions