Shadow Login: Cache Poisoning to Admin

The vulnerable profile endpoint cached user-specific state on a shared path. By carefully shaping the request headers, the admin route consumed a response that carried the wrong role. The fix is to remove personalized responses from shared caches and centralize authorization checks.