Realm NodeJS SDK returning different User

I’m experiencing some very strange behaviour with the Realm SDK for NodeJS.

I am authenticating user the Email/Password method. Upon authentication, the user is successfully returned, and I can view their _id as well as their Username and Job Role (both custom data, mapped to the ‘User’ collection, username and job_role, respectively) in the console - all correct and working as expected.

However, when then querying the current user using app.currentUser (part of the Realm SDK for NodeJS) I receive a totally un-related user in return?

See code below (excuse the excessive ‘console.log’ entries - currently debugging, and aware not secure):

This works perfectly:'/login', async function(req, res) {

  let username = req.body['email'],
    password = req.body['password'];

let credentials = Realm.Credentials.emailPassword(
try {
  const user = await realmApp.logIn(credentials);
  console.log("Successfully logged in!",;
  const customUserData = realmApp.currentUser.customData;
  res.render('loggedin.ejs', {user: user});
  return user;
} catch (err) {
  if (err instanceof Error) {
    console.error("Failed to log in", err.message);

let realm = await;


Then when querying here, I receive a totally un-related user? :

app.get('/test', function(req, res) {


  res.render('test.ejs', {user: realmApp.currentUser});

Something strange (and very un-secure) is going on here?

I should also add, that I have also implemented a ‘/logout’ route using the SDK, and it works perfectly - i.e. the user object is undefined following completion - and on logging back in with one user, the issue above is re-created?

Can anyone help - something to do with sessions? I have no idea!!