Clearing data between logged in sessions

[mike-5345]

Hello,

I am having an issue with data persisting between separate user sessions. For example:

1. I login as user1 and navigate to a CRUD list page. I get my rows.
2. I then log out and login as user2. user2 does not have permission to access aforementioned CRUD resource. I navigate to CRUD page as user2.
3. The rows have been cached from user1's session and are immediately loaded for user2. After a second, I see the 403 notification for user2 trying to access a resource they do not have permissions for.

Not only is user2 able to access data they do not have permissions for, the data is persisted outside of ANY authenticated session.

I am sure I am missing something. How can I ensure that all data is cleared on log out? I am using the below right now in my custom authProvider but it seems like a bit of a hack.

logout: async () => {
   // other logout procedures...

    window.location.replace("/login");

    return {
      success: true,
    };
  },

[BatuhanW]

Hi mike, thanks for bringing up this one. @alicanerdurmaz debugged this and we believe we should not only invalidate auth store but, clear entire store here: https://github.com/refinedev/refine/blob/main/packages/core/src/hooks/auth/useLogout/index.ts#L90

https://tanstack.com/query/v5/docs/reference/QueryClient#queryclientclear