On 11-10-07 11:17 AM, Asher Feldman wrote:
On Thursday, October 6, 2011, IAlex
<ialex.wiki(a)gmail.com> wrote:
Le 7 oct. 2011 à 06:21, Chad a écrit :
Well we do serve the "logged out"
cookie. What real purpose
that serves, I don't know :)
It's to bypass the browser cache, and to not
let the user see a page with
it's user name at the top when he just logged out.
Couldn't deleting
cookies have the same effect? If we do want to set or keep
cookies on logout, do they need to be included in X-Vary-Options and bypass
squid caching? We could also consider loading login/userbar stuff via
javascript and allow logged in users to take advantage of squid caching
provided care was taken for active editors.
- Logged in user visits [[Main Page]]
we send them a Last-Modified header
- User re-visits [[Main Page]], they send us an If-Modified-Since, and
we send them back a 304
- User logs out and the cookie is set
- User re-visits [[Main Page]], they send us an If-Modified-Since,
because the logout cookie is set we ignore it and send back a 200 so
that they don't re-use that previous cache that had their username in
the header.
- ...as a side effect even after their cache has been re-freshed with a
proper anon view we still continue to ignore their requests for a 304.
It is needed the way we do things right now. But I do agree it's a
little off. Bypassing squids for an anon doesn't really have much
purpose. And rather than this cookie hack I think the proper way to deal
with the browser's cache would be with a proper ETag. Instead of
Last-Modified + Cookie we have an ETag set that includes the user's user
id and perhaps user_touched. Then when they log out because the ETag is
different their browser doesn't re-use the cache it had. We could deal
with the lack of current ETag data by putting Last-Modified in the ETag
with the extra pieces.
The idea of user_touched was so that things like user demotion wouldn't
leave delete links in their interface. Though that may be excessive.
Then again using user_touched also would make sure that a newtalk
message shows up so it may be proper.
For the anon ETag we would probably use something like 'anon' if
$wgShowIPinHeader is on and the ip address otherwise (so that a change
in dynamic ip won't leave the old ip in their header).
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [
http://daniel.friesen.name]