The GitHub Desktop app is sending commits from a logged-off user

Question

I've posted this as an issue on the GitHub repository for the Desktop app, but I just wanted to check if anyone else has experienced this too.

Issue summary

In the GitHub Desktop GUI, when you log off from user A, then log on with user B, the new commits you make through the Desktop GUI will be registered as having been made by user A (not B).

Steps to reproduce the issue

1. In your default browser, log in to GitHub.com using one account. Let's call this account "User A".
2. On the GitHub Desktop GUI, click on File>Options>Accounts>Sign in (to GitHub.com, not Enterprise)
3. A new window will pop up saying "Sign in using browser". Click on the "Continue with browser" button.
4. In the browser, click through the options to accept the authentication request coming from the app
5. If prompted by your browser, allow it open the authentication request using the GitHub Desktop GUI.
6. Load/clone any repository. Let's call this "Repository X".
7. Make some edits to "Repository X".
8. Using the GitHub Desktop GUI, commit the changes and push them to "Repository X"'s online repository.
9. Using your browser, go to GitHub.com, access "Repository X"'s online repository and check the user responsible for its most recent commit. It should be listed as "User A".
10. Sign out of your GitHub.com account from "User A".
11. Also log out from "User A"'s account on the GitHub Desktop GUI.
12. In your browser, log in to GitHub.com using another account. Let's call this account "User B".
13. Go through the same process described in steps 2, 3, 4 and 5 to log into "User B"'s account on the GitHub Desktop GUI.
14. Load/clone any other repository. Let's call this "Repository Y".
15. Make some edits to your "Repository Y".
16. Using the GitHub Desktop GUI, commit the changes and push them to "Repository Y"'s online repository.
17. Using your browser, go to GitHub.com, access "Repository Y"'s online repository and check the user responsible for its most recent commit. It should be listed as "User A".

Expected behavior

I expect the most recent commit to "Repository Y" to be registered to "User B", since the GitHub Desktop GUI was logged in to "User B" when the commits were made.

Actual behavior

Instead, "Repository Y"'s online repository will state that the most recent commit was made by "User A" , not "User B". This is likely due to some left-over authentication files that don't get cleared out when we log out of the GitHub Desktop GUI.

Extra notes and details

I'm using GitHub Desktop 2.9.6 (x64) on Windows 10.

If you can't replicate this bug, try erasing the files in the %APP_DATA%\GitHub Desktop folder (typically, C:\Users\your_username\AppData\Roaming\GitHub Desktop) before starting with Steps 1 through 17. But please back up your files before you do this!!!!

Also, be sure to actually use two separate GitHub accounts but just one Windows user.

Main question

How can I ensure that the commits I make with the GitHub Desktop app after logging off from "User A" and logging into "User B" actually get registered as having been made by "User B" (not "User A")?

My current solution

My current solution is to just delete the whole %APPDATA%\GitHub Desktop folder. But that's a huge pain because I loose ALL of the information about the repositories that are currently on my machine and have to re-add them, one by one.

Answer 1

The account you use to push to GitHub is not necessarily related to the information that's in your commits. GitHub associates a commit with an account by the email in the commit, which is set with user.email. Usually that value is set in the Git configuration and not by GitHub Desktop, although it's possible that you could configure GitHub Desktop to override it.

If you want to configure different user information for a particular repository, you can set user.name (which is a personal name, not a username) and user.email with git config user.email MY-EMAIL (respectively user.name) in the repository.

Note that the authentication is irrelevant here because it's completely valid to push commits to a repository that were created by someone else. The authentication information is completely different from what's in your commits, and it's the latter that matters in this case.