Self Checks
Dify version
1.15.0
Cloud or Self Hosted
Self Hosted (Docker)
Steps to reproduce
Bug 1 — Workspace not found:
1.Owner invites Member B via email
2.Member B accepts the invitation and joins the workspace
3.Owner removes Member B from the workspace via Members Management
4.Owner re-invites Member B using the same email address
5.Member B clicks the new invitation link
Bug 2 — Invitation link hijacked by admin session:
1.Admin is already logged in on Browser A
2.Admin sends an invitation link to Member B
3.Member B opens the invitation link in the same Browser A (where admin is already logged in)
✔️ Expected Behavior
1.Member B should be able to join the workspace successfully via the new invitation link.
2.The invitation link should either prompt Member B to log in with their own account, or show a warning that the current session belongs to a different user.
❌ Actual Behavior
(Bug 1)The invitation link shows the following error:
"workspace not found, please contact system admin to invite you to join in a workspace"
This only happens when re-inviting a previously removed member. First-time invitations work correctly. Checked tenant_account_joins table — no residual records found for the affected account. The account exists in the accounts table with status active.
(Bug 2)The browser automatically authenticates as the admin account instead of Member B. However, Member B appears as successfully joined in the members list, which is misleading and incorrect — the admin account was used to accept the invitation, not Member B's account.
Self Checks
Dify version
1.15.0
Cloud or Self Hosted
Self Hosted (Docker)
Steps to reproduce
Bug 1 — Workspace not found:
1.Owner invites Member B via email
2.Member B accepts the invitation and joins the workspace
3.Owner removes Member B from the workspace via Members Management
4.Owner re-invites Member B using the same email address
5.Member B clicks the new invitation link
Bug 2 — Invitation link hijacked by admin session:
1.Admin is already logged in on Browser A
2.Admin sends an invitation link to Member B
3.Member B opens the invitation link in the same Browser A (where admin is already logged in)
✔️ Expected Behavior
1.Member B should be able to join the workspace successfully via the new invitation link.
2.The invitation link should either prompt Member B to log in with their own account, or show a warning that the current session belongs to a different user.
❌ Actual Behavior
(Bug 1)The invitation link shows the following error:
"workspace not found, please contact system admin to invite you to join in a workspace"
This only happens when re-inviting a previously removed member. First-time invitations work correctly. Checked tenant_account_joins table — no residual records found for the affected account. The account exists in the accounts table with status active.
(Bug 2)The browser automatically authenticates as the admin account instead of Member B. However, Member B appears as successfully joined in the members list, which is misleading and incorrect — the admin account was used to accept the invitation, not Member B's account.