V13.4.0 Using the Umbraco supplied login-status snippet, if I create two members and add them to a member group and then restrict access to a node to that member group and have one of the members login, both members then see the login-status and both see the details of the logged in member if they refresh their page! Thought I'd mention it as it's a privacy breach as well as totally unwanted. The supplied code for the Login Status snippet is:-

@inherits Umbraco.Cms.Web.Common.Views.UmbracoViewPage

@using Microsoft.AspNetCore.Http.Extensions
@using Umbraco.Cms.Web.Common.Models
@using Umbraco.Cms.Web.Website.Controllers
@using Umbraco.Extensions

@{
    var isLoggedIn = Context.User?.Identity?.IsAuthenticated ?? false;
    var logoutModel = new PostRedirectModel();
    // You can modify this to redirect to a different URL instead of the current one
    logoutModel.RedirectUrl = "/";
}

@if (isLoggedIn)
{
    <div class="login-status" style="background-color: black; color: white;">

        <p>Welcome back <strong>@Context?.User?.Identity?.Name</strong>!</p>

        @using (Html.BeginUmbracoForm<UmbLoginStatusController>("HandleLogout", new { RedirectUrl = logoutModel.RedirectUrl }))
        {
            <button type="submit" class="btn btn-primary">Log out</button>
        }

    </div>
}

It looks like a leak in the Context.User. Any thoughts how to fix this? Thanks.

Hi there! Could this be caching? I remember the old macro's had caching options and if I remember correctly, there are options to cache parts of your razor template in modern versions. Just my thought.

Depends what sort of caching I suppose. What's happening is if I log in and see the login status info, all of a sudden everyone else does too. I can't imagine this was ever the intended functionality. I'm just wondering if Context.User is correct. It seems to be leaking from one's own session into some global space. Is there an equivalent for Member maybe?

+1 for the snippet html simply being cached. Just add the "current date" or something to verify. As to why this would happen, no idea. Could it be client-side caching? I've never had Umbraco cache my razor without asking.

You're all correct, it was caching wot dun it! We were using @CodeSharePaul 's Clean Starter Kit and added the login status to the main navigation partial which is cached. PR pointed out there was a property available called "cacheByMember" which when set to "true" fixed the issue 🙂

Yep, I accidentally caused this issue by making the nav more performant by using caching. I didn't realise people would use it for more than just demoing Umbraco, but I suppose it's good to demo member stuff in Umbraco too. Luckily it was an easy one for me to help diagnose and fix. I'm looking forward to when I can release a starter kit for v14+. Just need to hear the block grid issues have all gone and I might attempt it.

If you want something breaking, let me have a go at it first 😉