User settings not accurate after logout/login in front end

[BobRay]

bobray created Redmine issue ID 10536

If you log in as a user in the front end, then log out and log in as another user, $modx->getOption() gets the previous user's user settings. In fact, the original settings seem to persist through several logouts and logins for several users. Users continue to get the User Settings of the original user. Not sure if this is a problem in the Login snippet, with User Settings in the core, or with the cache.

[BobRay]

bobray submitted:

This only happens when previewing in the Manager. The user setting is stored in the $_SESSION array and isn't cleared as long as the Manager is still logged in. It seems the user setting it would be updated with a new user setting when a user logs in in the front end, but no. I don't know if it's fixable. In case it helps, the format in the $_SESSION array is: [modx.web.user.config] => Array ( [tree_root_id] => 308 )

[opengeek]

opengeek submitted:

Might be fixable, but we're going to have to fix specifics because I believe this is a side-affect of having to inherit the mgr user's ACL's when viewing other contexts anonymously. This is so permissions like view_unpublished work properly. That said there are definitely certain things that need to remain "as if browsing anonymously" and if we can identify exactly what that is, we should be able to improve this misleading "feature".