Summary
Viewer-specific follow state is lost when a public profile is served from cache.
Authenticated users can see incorrect follow status even though the underlying follow records are correct.
Affected Files
Root Cause
The public profile cache stores profile data that includes follow-state information.
When a cache hit occurs, the cached object is returned directly without recalculating viewer-specific follow relationships.
As a result, all viewers receive the same cached follow state regardless of their own follow history.
Reproduction
- Authenticate as a user.
- Visit another user's public profile.
- Follow one of the profile links.
- Refresh the profile while the cache remains warm.
- Observe that the follow status does not reflect the actual follow relationship.
Expected Behavior
Viewer-specific follow state should be computed for every authenticated request.
Actual Behavior
Cached responses contain stale or incorrect follow-state information.
Why This Is Difficult To Detect
Most tests focus on profile retrieval and follow functionality separately.
The issue only appears when authentication and profile caching interact simultaneously.
Production Impact
- Incorrect follow indicators
- Duplicate follow attempts
- Confusing user experience
- Inconsistent state across devices and tabs
Suggested Fix
Cache only shared profile data and compute viewer-specific follow state separately on every request.
Severity
High
Summary
Viewer-specific follow state is lost when a public profile is served from cache.
Authenticated users can see incorrect follow status even though the underlying follow records are correct.
Affected Files
Root Cause
The public profile cache stores profile data that includes follow-state information.
When a cache hit occurs, the cached object is returned directly without recalculating viewer-specific follow relationships.
As a result, all viewers receive the same cached follow state regardless of their own follow history.
Reproduction
Expected Behavior
Viewer-specific follow state should be computed for every authenticated request.
Actual Behavior
Cached responses contain stale or incorrect follow-state information.
Why This Is Difficult To Detect
Most tests focus on profile retrieval and follow functionality separately.
The issue only appears when authentication and profile caching interact simultaneously.
Production Impact
Suggested Fix
Cache only shared profile data and compute viewer-specific follow state separately on every request.
Severity
High