On 11-10-07 11:17 AM, Asher Feldman wrote:
On Thursday, October 6, 2011, IAlex ialex.wiki@gmail.com wrote:
On 7 Oct 2011 at 06:21, Chad wrote:
Well we do serve the "logged out" cookie. What real purpose that serves, I don't know :)
It's to bypass the browser cache, and to not let the user see a page with its user name at the top when he just logged out.
Couldn't deleting cookies have the same effect? If we do want to set or keep cookies on logout, do they need to be included in X-Vary-Options and bypass squid caching? We could also consider loading login/userbar stuff via javascript and allow logged in users to take advantage of squid caching provided care was taken for active editors.
- Logged in user visits [[Main Page]] we send them a Last-Modified header
- User re-visits [[Main Page]], they send us an If-Modified-Since, and we send them back a 304
- User logs out and the cookie is set
- User re-visits [[Main Page]], they send us an If-Modified-Since, because the logout cookie is set we ignore it and send back a 200 so that they don't re-use that previous cache that had their username in the header.
- ...as a side effect even after their cache has been re-freshed with a proper anon view we still continue to ignore their requests for a 304.
It is needed the way we do things right now. But I do agree it's a little off. Bypassing squids for an anon doesn't really have much purpose.

And rather than this cookie hack I think the proper way to deal with the browser's cache would be with a proper ETag. Instead of Last-Modified + Cookie we have an ETag set that includes the user's user id and perhaps user_touched. Then when they log out because the ETag is different their browser doesn't re-use the cache it had. We could deal with the lack of current ETag data by putting Last-Modified in the ETag with the extra pieces.

The idea of user_touched was so that things like user demotion wouldn't leave delete links in their interface. Though that may be excessive. Then again using user_touched also would make sure that a newtalk message shows up so it may be proper.

For the anon ETag we would probably use something like 'anon' if $wgShowIPinHeader is on and the ip address otherwise (so that a change in dynamic ip won't leave the old ip in their header).
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]
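
The ETag scheme proposed in the message above, sketched as an added example (not part of the thread and not MediaWiki code): the validator binds the page's last-modified time to the viewer, so a cached logged-in copy stops validating after logout while anonymous revisits still get a 304. The names `view_etag`, `respond` and `ip_shown` are hypothetical, hashing the inputs is a choice made here, and the anonymous branch assumes the client IP goes into the tag only when the page renders it.

```python
import hashlib

def view_etag(last_modified, user_id=None, user_touched=None,
              client_ip=None, ip_shown=False):
    """ETag for one rendering of a page as seen by one viewer."""
    if user_id is not None:
        # user_touched moves on demotion or a new talk message (per the thread)
        viewer = f"user:{user_id}:{user_touched}"
    elif ip_shown:
        # assumption: the anonymous page renders the client IP
        viewer = f"ip:{client_ip}"
    else:
        viewer = "anon"
    # Hash the inputs so the header does not expose the user id or IP
    digest = hashlib.sha256(f"{last_modified}|{viewer}".encode()).hexdigest()
    return f'"{digest[:16]}"'

def respond(if_none_match, **view):
    """Return (status, etag) for a conditional GET."""
    etag = view_etag(**view)
    sent = [t.strip() for t in (if_none_match or "").split(",")]
    return (304 if etag in sent else 200), etag

def logout_walkthrough():
    """Replay the sequence from the thread; all values are constructed."""
    page = "20111006120000"
    user = dict(last_modified=page, user_id=42, user_touched="20111001000000")
    anon = dict(last_modified=page)
    statuses = []
    status, tag = respond(None, **user)   # first logged-in visit
    statuses.append(status)
    status, tag = respond(tag, **user)    # revisit while logged in
    statuses.append(status)
    status, tag = respond(tag, **anon)    # after logout: stale tag rejected
    statuses.append(status)
    status, tag = respond(tag, **anon)    # anon revisit: validates again
    statuses.append(status)
    return statuses

if __name__ == "__main__":
    print(logout_walkthrough())
```
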