DiscourseConnect Single Sign On information cached across users
Tested on version 2.7.8 on Chrome.
In order to reproduce you need to have at least 2 users signed up/logged in via sso.
-
Go to admin
-
click on “users”
-
click on <user 1>
-
scroll down to the “DiscourseConnect Single Sign On” section
-
click on “show” to view the email passed during the sso process
-
click on “show” for the “last payload” information.
-
Now scroll up
-
click on “users”
-
click on <user 2>
-
scroll down to the “DiscourseConnect Single Sign On” section
-
Observe that both email and last payload sections are already expanded with information from user 1.
Reload the page, the 2 sections are now back to be hidden and showing the “show” buttons