XF 1.5 Somebody else's unsent message in the editor while logged out

[dethfire]

I just got this report from a member. I think he clearly states the issue well. Seems fairly serious.

You can tell that the forum remembers unsent messages somehow, and always it doesn't work perfectly with the browsers. Well that is only slightly unpleasant, but not yet very serious.

Anyway, a moment ago I just saw the most amazing and distressing thing, because while being logged out, I opened the Math Challenge by QuantumQuest #1 thread in one tab of my browser, and I saw somebody else's unsent message in the typing window! I had just spent lot of time thinking about the thread's topic, and I know well some mathematical topics related to it, so I could easily see that this unsent message was a serious message related to the thread, and it was written by an educated person, but I could also see that it was not written by me.

 

[Mike]

Realistically, the only reason I could see something like this happening is some level of caching happening beyond what XenForo includes. I don't see totally explicit indications of this in your site's headers, though I do see non-standard header modifications (css.php has different Cache-Control and Expires settings and I see a "xf_guestid" cookie being set), so there's at least a possibility that this could be happening. If you have anything that could trigger a cached page, I would double check that first.