Issue Summary

We have identified a bug concerning user access to Audience-specific pages after modifications have been made to the external identifier field. Currently, once a user is authenticated and granted access to a page, they retain this access even if an administrator alters the external identifier. Despite the change in the external identifier, the user can still view the page content unless the sessions are terminated. 

Steps to Reproduce

1. Begin by accessing your target audience-specific page in an incognito window, making sure to authenticate via the Single Sign-On (SSO) system. Please ensure that you are able to view the components designated to your user group.
2. Open a new browser or a regular window and log in as a team member 'manage.statuspage.io'.
3. As this team member, go to the "Audience Settings" of your page. From there, proceed to the "Groups" section and select the "Edit" option.
4. Next, modify the External Identifier (ID) to a different value and confirm the change by clicking the "Update" button.
5. Return to your incognito window where you logged in as a page access user and refresh the page.
6. Despite the alteration of the External Identifier, you will observe that the components designated to the page access user remain visible. This implies that they are still accessible even with the new ID.

Expected Results

We expect that the user's access will be revoked once the field is updated.

Actual Results

The users are still able to view the page components.

Workaround

We are currently guiding our customers to advise their page access users to reset their sessions and clear their browser's cookies/cache.