Don't serve cached pages to logged-in users #26
That's an excellent idea for the 99% case, thanks for sharing.
Would the following also work?
RewriteCond %{HTTP_COOKIE} !kirby_session
@lukasbestle yes, your snippet also works! I'll change my PR accordingly, much easier to read. Maybe it's worth noting that while testing this more thoroughly, I noticed that the RewriteCond %{QUERY_STRING} ^$ What do you think, should we also include this in the readme of staticache? I'll certainly use it in my setup :)
Thanks for updating the PR.
It's not just visiting the login page (which creates a session because it stores a CSRF token in the session). Also other custom functionality in the site frontend could and will create a session.

Kirby's PHP-based caching takes the actual use of the session into account. So even if there is an active session, a page will only be excluded from caching if the template has accessed the session (= if the response somehow depends on the session contents). In Staticache we can of course not do it in such a thorough way because we want to do as little processing on request as possible, which is the main advantage of Staticache compared to the PHP-based caching.

I think it's fine to at least offer the condition added by this PR as an option. Of course it will reduce the cache hit ratio because in some false-positive cases, a request is routed to Kirby that could have been responded by Staticache. But Staticache will still be able to serve a large proportion of requests for most sites that don't heavily rely on sessions.

Before we merge this PR, I think it would be good to add the same feature to the other server configs (nginx and Caddy) as well as to the simple PHP loader. Would it be possible for you to work on that?

Requests with a query string are not cached by Kirby in the first place and if there's nothing cached, Staticache can also not serve anything. Or am I mistaken?
I don't have any experience with either nginx or caddy – so I can't contribute here. But feel free to push to this PR if you know your way around these :)
I have the following use case in mind: Imagine a page
<form action="/contact?success=1" method="POST">
  <input type="text" name="name">
  <!-- other fields -->
</form>
Submitting this form would lead to
<p>Hello <?= esc($_POST['name'] ?? 'there') ?>, thank you for your message!</p>
I would expect the first page (
You are right. Kirby does cache the page without query string and that would then overshadow the requests with a query string. So we do in fact need the condition you suggested. We also need one for Kirby params (like
I can work on that, but it will take some time. My todo list is a bit long at the moment. :)
Adds an additional RewriteCond to the .htaccess that will check if a user is logged-in before serving cached files, by testing for the existence of the kirby_session cookie.

Drive-By
apacheconf
) to the snippet
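The two conditions discussed in this thread, modelled in Python as an added example (not code from this PR or from Staticache). It assumes mod_rewrite's default behaviour: consecutive RewriteCond lines are ANDed and each pattern is an unanchored, case-sensitive regex search. The function names and sample requests are constructed for illustration.

```python
import re

# Patterns from the two RewriteCond lines quoted in the thread.
SESSION_COOKIE = re.compile(r"kirby_session")  # %{HTTP_COOKIE} !kirby_session
EMPTY_QUERY = re.compile(r"^$")                # %{QUERY_STRING} ^$


def may_serve_static(cookie_header, query_string):
    """Return (serve_from_cache, reason) for one request.

    An absent Cookie header or query string is treated as the empty
    string, which is how the server variable expands in mod_rewrite.
    """
    if SESSION_COOKIE.search(cookie_header or ""):
        # Negated condition fails: the request must go to Kirby.
        return False, "session cookie present"
    if not EMPTY_QUERY.search(query_string or ""):
        # /contact?success=1 must not be answered with the cached /contact.
        return False, "query string present"
    return True, "anonymous request without query string"


# Constructed sample requests: (Cookie header, query string).
SAMPLES = [
    ("", ""),                                  # anonymous visitor
    ("theme=dark; kirby_session=abc123", ""),  # visitor with a session
    ("", "success=1"),                         # form redirect target
    ("old_kirby_session_id=1", ""),            # substring match, still bypasses
    ("KIRBY_SESSION=abc123", ""),              # different case, no match
]


def audit(samples=SAMPLES):
    """Evaluate every sample and return the list of decisions."""
    return [may_serve_static(cookie, query) for cookie, query in samples]


if __name__ == "__main__":
    for (cookie, query), (ok, reason) in zip(SAMPLES, audit()):
        target = "static cache" if ok else "Kirby"
        print(f"cookie={cookie!r} query={query!r} -> {target} ({reason})")
```

Because the cookie pattern is unanchored, any cookie whose name or value contains `kirby_session` routes the request to Kirby; that lowers the cache hit ratio but never serves a cached page to a session holder.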