alanwilter
commented
3 years ago I did some investigation here and find out this ought to be sorted in the frontend side. We need something to delete all cookies/caches once logout or session timeout.
Another way to see this issue is to be in a, e.g., gene page https://dev-live.phenopolis.org/gene/ENSG00000119685, do a logout and then hit browser back button. User should NOT be able to see the whole page again.
I found this https://stackoverflow.com/questions/179355/clearing-all-cookies-with-javascript but don't know JS enough to tell you if it worths.
YuanTian1991
I've seen this with Chrome, Firefox and Safari and so far only Safari didn't show this issue.
Login as Admin and go to https://dev-live.phenopolis.org/my_patients -> admin user can see over 8K patients
logout and then login as demo, go again to https://dev-live.phenopolis.org/my_patients -> demo user will see the same as admin (instead of the only 4 allowed), this happened because of cache
The real issue here is if a client has more than one user account with different patient permissions, then she/he will have problems visualising the correct data.
@IsmailM @pontikos I don't know if it's a frontend issue or can be addressed by the backend.