Details
-
Improvement
-
Resolution: Fixed
-
Medium
-
4.2.0, 4.3.0, 4.4.0alpha5
-
None
Description
This is not optimal at all. Instead, only the access cache of the user in question should get expired/deleted.
See kernel/content/action.php:
if ( $locationAdded ) { if ( $object->attribute( 'contentclass_id' ) == $userClassID ) { eZUser::cleanupCache(); } }
eZUser::cleanupCache():
$handler->setTimestamp( 'user-access-cache', time() ); $handler->setTimestamp( 'user-info-cache', time() );
eZUser::accessArray():
... $accessArray = $cacheFile->processCache( array( $this, 'retrieveAccessArrayFromCache' ), array( $this, 'generateAccessArrayForCache' ), null, $this->userInfoExpiry(), $userID );
eZUser::userInfoExpiry():
$expiredTimestamp = $handler->timestamp( 'user-access-cache' );
The user-access-cache expiry timestamp is also used to expire the access array cached in the HTTP session (see eZUser::accessArray() for more information). We can keep this behavior, because currently there's no API to directly clear session variables in other people's session, and I also doubt it's a good idea to do this. However, a per-user timestamp would be more optimal for this as well.