Vulnerability in EPiServer.Forms
I have an interesting issue which points to forum topics being cached and wondered if anyone had encountered this before or knows what is causing it and how to resolve it.
In a nutshell I have the scenario where topics seem to be disappearing and reappearing from a listview. The listview is initially populated using the method ForumHandler.Instance.GetTopics and I am using LINQ to return a subset based on a count and permissions.
The environment is multi-server with a shared database. Where I had a topic that 'disappeared', it was visible on all servers except one; it has since reappeared overnight, so this points to the app pool recycling and the cache being rebuilt. The topic was created several days ago and has 3 replies which were added the day after it was created. The environment is set up so that the replies would have been added on the server where it had 'disappeared', so it must have been available for the replies to have been added.
I'm using CMS 6 R2 and the latest version of Relate.
Any thoughts or suggestions greatly appreciated,
Does the topic have restricted access to some users, anonymous for example? If so, it could be that the topic list has been cached with that user's access rights, resulting in the topic not being displayed on that server.
Well, the topics do have restricted access in that they are not necessarily available to all users, but we have seen this behaviour when logged in as an administrator.
Well, then imagine that the topics are currently not cached. A user with restricted access rights then browses the page, thus caching the results. If an admin browses the site after that, he will then see the cached (and restricted) result. Just a thought, but it might be worth looking into :-). I've seen a similar issue on another site running Relate in the past.
Hmm, that is an interesting thought and definitely one to consider. I would expect that an administrator would still be able to see the topic though, even if cached, as the administrator's rights would be elevated above the restricted user's rights.
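The caching scenario suggested in the replies above, as an added C# example that is not part of the original thread and is not EPiServer code: a permission-filtered topic list is cached under a key that either omits or includes the caller's roles. `Topic`, `TopicListCache`, the forum id and the role names are hypothetical, and the data is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed model: Topic, TopicListCache, "forum-1" and the role names are
// hypothetical stand-ins, not EPiServer Community/Relate types.
record Topic(string Title, string[] AllowedRoles);

class TopicListCache
{
    private readonly Dictionary<string, List<Topic>> _cache = new();
    private readonly List<Topic> _db;
    private readonly bool _keyIncludesRoles;
    public TopicListCache(List<Topic> db, bool keyIncludesRoles) =>
        (_db, _keyIncludesRoles) = (db, keyIncludesRoles);
    public List<Topic> GetTopics(string forumId, string[] roles)
    {
        // Weak key: forum only. Corrected key: forum plus the sorted role set.
        string key = _keyIncludesRoles
            ? forumId + "|" + string.Join(",", roles.OrderBy(r => r, StringComparer.Ordinal))
            : forumId;
        if (!_cache.TryGetValue(key, out var topics))
        {
            // The permission filter runs only on a cache miss.
            topics = _db.Where(t => t.AllowedRoles.Intersect(roles).Any()).ToList();
            _cache[key] = topics;
        }
        return topics;
    }
}

static class Program
{
    static void Main()
    {
        var db = new List<Topic>
        {
            new("Public topic", new[] { "Everyone", "Administrators" }),
            new("Staff topic", new[] { "Administrators" }),
        };
        foreach (bool keyIncludesRoles in new[] { false, true })
        {
            var cache = new TopicListCache(db, keyIncludesRoles);
            cache.GetTopics("forum-1", new[] { "Everyone" }); // restricted user populates the cache
            var adminView = cache.GetTopics("forum-1", new[] { "Administrators" });
            Console.WriteLine($"roles in key: {keyIncludesRoles}, admin sees {adminView.Count} topic(s)");
        }
    }
}
```

With the forum-only key the administrator is handed the list that was filtered for the first caller, whatever the administrator's own rights are; the same weak key would equally hand an administrator-populated list to a restricted user.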