
Draft: fix caching for gracedb navbar

Alexander Pace requested to merge gracedb-2.21.8-1 into master

In some cases, users will navigate to the public alerts page and see a previously-cached version of the navbar. Sometimes this can be the "Please log in to see database contents" message, with the limited set of public links, or sometimes it will show the name of another LVK user who just happened to land in the cache.

Note: at no time did any user's personal contact info or proprietary LVK data leak to the public. As soon as a user navigated away from the public page, they would see the correct view with that user's correct permission. This behavior is a byproduct of increased caching on the public alerts page and wasn't noticed in testing.

This change uses Django's caching framework to independently store the navbar in a separate cache that is keyed to the individual user's username. If a user clicks the "logout" button via the public page, it should refresh or pull in the AnonymousUser version of the cache.
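Added example, not part of the merge request and not GraceDB or Django code: a standard-library model of the behaviour described above, with a whole-page cache that serves one user's navbar to the next visitor beside a split cache whose navbar fragment is keyed to the username. The class names, the path, the markup and the username `alice` are constructed for illustration.

```python
# Added illustration: stdlib-only model, not GraceDB or Django code.
ANON = "AnonymousUser"

def render_navbar(username):
    """Build the per-user navbar fragment (constructed sample markup)."""
    if username == ANON:
        return "<nav>Please log in to see database contents</nav>"
    return f"<nav>Logged in as {username}</nav>"

def render_body():
    """Public content that is identical for every visitor."""
    return "<main>public alerts table</main>"

class WholePageCache:
    """Before: the full response, navbar included, is stored under the URL alone."""
    def __init__(self):
        self.store = {}

    def get_page(self, path, username):
        if path not in self.store:
            self.store[path] = render_navbar(username) + render_body()
        return self.store[path]

class SplitCache:
    """After: a shared body cache plus a navbar cache keyed to the username."""
    def __init__(self):
        self.body = {}
        self.navbar = {}

    def get_page(self, path, username):
        if path not in self.body:
            self.body[path] = render_body()
        if username not in self.navbar:
            self.navbar[username] = render_navbar(username)
        return self.navbar[username] + self.body[path]

    def logout(self, username):
        # Drop the user's fragment; the next request uses the AnonymousUser key.
        self.navbar.pop(username, None)

def demo():
    """alice warms both caches, then an anonymous visitor requests the same page."""
    old, new = WholePageCache(), SplitCache()
    path = "/public-alerts/"  # hypothetical path
    old.get_page(path, "alice")
    new.get_page(path, "alice")
    return old.get_page(path, ANON), new.get_page(path, ANON)
```
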
