elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

Don't show 'Recently viewed' items of other users #67083

Open pheyos opened 4 years ago

pheyos commented 4 years ago

Currently (as of 7.8), the Recently viewed items are stored in the browser's local storage and are the same for all users. This has a few implications:

  1. User A can see what user B accessed earlier -> potential information leak
  2. User A might not have access to the UI area that user B accessed earlier -> links end up in 404 pages. E.g. some work has been done as an ML admin user, and then a user without any ML permission logs in and can still see the ML links: ml_unauthorized_recently_viewed

Suggestions (as a result of a slack discussion with @flash1293, @legrego and @ryankeairns)

Blocked on https://github.com/elastic/kibana/issues/17888

elasticmachine commented 4 years ago

Pinging @elastic/kibana-core-ui (Team:Core UI)

monfera commented 4 years ago

Just seconding that it is absolutely infosec related; it's as if Google Mail, running in a public library, cached and showed email subjects from my mailbox in a side bar for the next user who logs into their mailbox.

Besides, it's also a UX issue for multiple reasons, for example, the "what?" feeling of when one latches onto a different ES instance where none of the cached things make sense.

Also, it should not be locally stored, as users themselves may delete dashboards etc. on another machine, leaving behind dangling dead links, which the user can't then delete (unless by erasing localStorage in dev tools).

(I'm not sure if deleting a dashboard even on the same machine by the same user removes the localStorage item but it's irrelevant as it's best removed altogether)

I think that any "recently used" list should be erasable via a prominent UI affordance, and the user should be able to opt out of such retainment (and maybe an option for remembering throughout the session only). Also, the "recently used" list should be bound to the particular ES instance / workspace / user combo.

A quick short term workaround may be the switch from localStorage to sessionStorage.
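As an added illustration of the two points above (session-only storage and binding the list to the instance/user combination), the following is example code written for this thread, not Kibana's own implementation; the key prefix, the `clusterUuid`/`userId` names and the `memoryStorage` stand-in are assumptions so it runs outside a browser.

```javascript
// Added example, not Kibana code: a "recently viewed" store that is
// namespaced per (cluster, user) and defaults to sessionStorage, so one
// browser profile no longer shows one user's history to the next.
// clusterUuid, userId and the key prefix are illustrative assumptions.

// Minimal in-memory stand-in for the Web Storage API (for non-browser runs).
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}

function createRecentlyViewed({ clusterUuid, userId, storage, max = 10 }) {
  // Session scope by default: nothing survives closing the tab.
  const store = storage ?? (globalThis.sessionStorage ?? memoryStorage());
  // Bind the list to the cluster/user pair: switching either one yields an
  // empty list instead of another user's or another cluster's links.
  const key = `recentlyViewed:${clusterUuid}:${userId}`;

  const read = () => {
    try { return JSON.parse(store.getItem(key) ?? '[]'); } catch { return []; }
  };
  const write = (items) => store.setItem(key, JSON.stringify(items));

  return {
    // Record a visit: most recent first, duplicates collapsed, list capped.
    add(item) {
      const rest = read().filter((i) => i.id !== item.id);
      write([item, ...rest].slice(0, max));
    },
    list: () => read(),
    // Drop an entry whose target was deleted (a dangling link).
    remove(id) { write(read().filter((i) => i.id !== id)); },
    // The prominent "clear" affordance: wipes this user's list only.
    clear() { store.removeItem(key); },
  };
}
```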

elasticmachine commented 4 years ago

Pinging @elastic/kibana-security (Team:Security)

legrego commented 4 years ago

A quick short term workaround may be the switch from localStorage to sessionStorage.

If we have to keep this feature in 7.8, then my vote is to move to session storage for all the reasons already outlined above. sessionStorage will be a lot less useful, but I think it's the best we can do until something like #17888 is available.

ryankeairns commented 4 years ago

All good ideas on possible improvements. I'll create sub-issues for short-term enhancements.

I suspect we're seeing an uptick in feedback given recent changes to the left nav, but this is not a feature that was newly introduced. It has been around and utilizing local storage since K6(?), where it originally existed on the home page. For those reasons, I think we should focus on mitigation efforts and emphasize the need for a real personalization solution.