[WikiEN-l] [Foundation-l] Flagged Protection update for April 29

Gregory Maxwell gmaxwell at gmail.com
Fri Apr 30 20:34:28 UTC 2010


On Fri, Apr 30, 2010 at 3:03 PM, Aryeh Gregor
<Simetrical+wikilist at gmail.com> wrote:
> On Fri, Apr 30, 2010 at 2:24 PM, William Pietri <william at scissor.com> wrote:
>> My understanding, possibly incorrect, is that we can't do that. Because
>> most pages for non-logged-in users are served from caches, most requests
>> don't make it to the point where we can easily show different versions
>> of a page based on cookie.
>
> In general, Squid does not served cached pages at all to users with
> cookies.  If it sees a cookie in the request, it just forwards it to
> the application servers.  Viewers with cookies might be logged in, and
> Squid can't tell if a cookie represents a valid login -- it has to
> give it to MediaWiki, which can check in memcached and so on.
>
> Some details of the above might be incorrect, but the general point
> remains -- you can set a cookie for an unregistered user and it will
> work as you'd like, causing the user to skip the Squid cache on all
> pages until the cookie expires.

This already happens when users edit.  Otherwise anons would never be
able to get the new messages indicator.



More information about the WikiEN-l mailing list