authorBrion Vibber <brion@pobox.com>2010-09-20 13:42:58 -0700
committerBrion Vibber <brion@pobox.com>2010-09-20 13:42:58 -0700
commit64cdbe6c5578df1dc49d8e3dd72451ab0ac96bd2 (patch)
treef5e96cf37981093e762c745cd583f75950d842f5
parent2f38c9c99cb10be8fab28a624fa6f64cec6c0a9b (diff)
Ticket #2750: fixes to HTTP caching behavior across login/logout boundaries
* now ignoring if-modified-since if we failed an etag if-none-match comparison, per spec * now including a hash of user id/nickname in most etags, so we'll update the view properly after login/logout For API methods, checking the API-auth'ed user. (Many change results to include things like 'you're subscribed to this user' or 'this is one of your favorites', so user info is again needed) There'll still be some last-modified stamps that aren't including user info properly, probably.
-rw-r--r--actions/apidirectmessage.php1
-rw-r--r--actions/apigrouplist.php1
-rw-r--r--actions/apigrouplistall.php1
-rw-r--r--actions/apigroupmembership.php1
-rw-r--r--actions/apigroupshow.php1
-rw-r--r--actions/apistatusesshow.php1
-rw-r--r--actions/apisubscriptions.php1
-rw-r--r--actions/apitimelinefavorites.php1
-rw-r--r--actions/apitimelinefriends.php1
-rw-r--r--actions/apitimelinegroup.php1
-rw-r--r--actions/apitimelinehome.php1
-rw-r--r--actions/apitimelinementions.php1
-rw-r--r--actions/apitimelinepublic.php1
-rw-r--r--actions/apitimelinetag.php1
-rw-r--r--actions/apitimelineuser.php1
-rw-r--r--actions/shownotice.php1
-rw-r--r--lib/action.php15
-rw-r--r--lib/util.php23
-rw-r--r--plugins/Autocomplete/autocomplete.php1
19 files changed, 50 insertions, 5 deletions
diff --git a/actions/apidirectmessage.php b/actions/apidirectmessage.php
index 7a0f46274..e7ea38dfa 100644
--- a/actions/apidirectmessage.php
+++ b/actions/apidirectmessage.php
@@ -357,6 +357,7 @@ class ApiDirectMessageAction extends ApiAuthAction
return '"' . implode(
':',
array($this->arg('action'),
+ common_user_cache_hash($this->auth_user),
common_language(),
strtotime($this->messages[0]->created),
strtotime($this->messages[$last]->created)
diff --git a/actions/apigrouplist.php b/actions/apigrouplist.php
index 148c802f4..319a1e424 100644
--- a/actions/apigrouplist.php
+++ b/actions/apigrouplist.php
@@ -213,6 +213,7 @@ class ApiGroupListAction extends ApiBareAuthAction
return '"' . implode(
':',
array($this->arg('action'),
+ common_user_cache_hash($this->auth_user),
common_language(),
$this->user->id,
strtotime($this->groups[0]->created),
diff --git a/actions/apigrouplistall.php b/actions/apigrouplistall.php
index a8317608d..cc7cd901d 100644
--- a/actions/apigrouplistall.php
+++ b/actions/apigrouplistall.php
@@ -204,6 +204,7 @@ class ApiGroupListAllAction extends ApiPrivateAuthAction
return '"' . implode(
':',
array($this->arg('action'),
+ common_user_cache_hash($this->auth_user),
common_language(),
strtotime($this->groups[0]->created),
strtotime($this->groups[$last]->created))
diff --git a/actions/apigroupmembership.php b/actions/apigroupmembership.php
index ffd5c7c7d..b7f3064b5 100644
--- a/actions/apigroupmembership.php
+++ b/actions/apigroupmembership.php
@@ -183,6 +183,7 @@ class ApiGroupMembershipAction extends ApiPrivateAuthAction
return '"' . implode(
':',
array($this->arg('action'),
+ common_user_cache_hash($this->auth_user),
common_language(),
$this->group->id,
strtotime($this->profiles[0]->created),
diff --git a/actions/apigroupshow.php b/actions/apigroupshow.php
index 2998e505e..9b90e6b38 100644
--- a/actions/apigroupshow.php
+++ b/actions/apigroupshow.php
@@ -149,6 +149,7 @@ class ApiGroupShowAction extends ApiPrivateAuthAction
return '"' . implode(
':',
array($this->arg('action'),
+ common_user_cache_hash($this->auth_user),
common_language(),
$this->group->id,
strtotime($this->group->modified))
diff --git a/actions/apistatusesshow.php b/actions/apistatusesshow.php
index 476820a43..84f8079db 100644
--- a/actions/apistatusesshow.php
+++ b/actions/apistatusesshow.php
@@ -194,6 +194,7 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction
return '"' . implode(
':',
array($this->arg('action'),
+ common_user_cache_hash($this->auth_user),
common_language(),
$this->notice->id,
strtotime($this->notice->created))
diff --git a/actions/apisubscriptions.php b/actions/apisubscriptions.php
index 63d65f289..749d16f06 100644
--- a/actions/apisubscriptions.php
+++ b/actions/apisubscriptions.php
@@ -181,6 +181,7 @@ class ApiSubscriptionsAction extends ApiBareAuthAction
return '"' . implode(
':',
array($this->arg('action'),
+ common_user_cache_hash($this->auth_user),
common_language(),
$this->user->id,
isset($this->ids_only) ? 'IDs' : 'Profiles',
diff --git a/actions/apitimelinefavorites.php b/actions/apitimelinefavorites.php
index 7228960c0..f5ce5d2fd 100644
--- a/actions/apitimelinefavorites.php
+++ b/actions/apitimelinefavorites.php
@@ -259,6 +259,7 @@ class ApiTimelineFavoritesAction extends ApiBareAuthAction
return '"' . implode(
':',
array($this->arg('action'),
+ common_user_cache_hash($this->auth_user),
common_language(),
$this->user->id,
strtotime($this->notices[0]->created),
diff --git a/actions/apitimelinefriends.php b/actions/apitimelinefriends.php
index 40ce35979..c96391c12 100644
--- a/actions/apitimelinefriends.php
+++ b/actions/apitimelinefriends.php
@@ -346,6 +346,7 @@ class ApiTimelineFriendsAction extends ApiBareAuthAction
return '"' . implode(
':',
array($this->arg('action'),
+ common_user_cache_hash($this->auth_user),
common_language(),
$this->user->id,
strtotime($this->notices[0]->created),
diff --git a/actions/apitimelinegroup.php b/actions/apitimelinegroup.php
index 7a40fd808..5138a4b5e 100644
--- a/actions/apitimelinegroup.php
+++ b/actions/apitimelinegroup.php
@@ -229,6 +229,7 @@ class ApiTimelineGroupAction extends ApiPrivateAuthAction
return '"' . implode(
':',
array($this->arg('action'),
+ common_user_cache_hash($this->auth_user),
common_language(),
$this->group->id,
strtotime($this->notices[0]->created),
diff --git a/actions/apitimelinehome.php b/actions/apitimelinehome.php
index 27eb74169..1ceb3d902 100644
--- a/actions/apitimelinehome.php
+++ b/actions/apitimelinehome.php
@@ -254,6 +254,7 @@ class ApiTimelineHomeAction extends ApiBareAuthAction
return '"' . implode(
':',
array($this->arg('action'),
+ common_user_cache_hash($this->auth_user),
common_language(),
$this->user->id,
strtotime($this->notices[0]->created),
diff --git a/actions/apitimelinementions.php b/actions/apitimelinementions.php
index ed1ad20e3..354dc58b6 100644
--- a/actions/apitimelinementions.php
+++ b/actions/apitimelinementions.php
@@ -244,6 +244,7 @@ class ApiTimelineMentionsAction extends ApiBareAuthAction
return '"' . implode(
':',
array($this->arg('action'),
+ common_user_cache_hash($this->auth_user),
common_language(),
$this->user->id,
strtotime($this->notices[0]->created),
diff --git a/actions/apitimelinepublic.php b/actions/apitimelinepublic.php
index f90164288..0119b504a 100644
--- a/actions/apitimelinepublic.php
+++ b/actions/apitimelinepublic.php
@@ -311,6 +311,7 @@ class ApiTimelinePublicAction extends ApiPrivateAuthAction
return '"' . implode(
':',
array($this->arg('action'),
+ common_user_cache_hash($this->auth_user),
common_language(),
strtotime($this->notices[0]->created),
strtotime($this->notices[$last]->created))
diff --git a/actions/apitimelinetag.php b/actions/apitimelinetag.php
index c7ec172ae..712703694 100644
--- a/actions/apitimelinetag.php
+++ b/actions/apitimelinetag.php
@@ -232,6 +232,7 @@ class ApiTimelineTagAction extends ApiPrivateAuthAction
return '"' . implode(
':',
array($this->arg('action'),
+ common_user_cache_hash($this->auth_user),
common_language(),
$this->tag,
strtotime($this->notices[0]->created),
diff --git a/actions/apitimelineuser.php b/actions/apitimelineuser.php
index 17a283663..0c97aad21 100644
--- a/actions/apitimelineuser.php
+++ b/actions/apitimelineuser.php
@@ -234,6 +234,7 @@ class ApiTimelineUserAction extends ApiBareAuthAction
return '"' . implode(
':',
array($this->arg('action'),
+ common_user_cache_hash($this->auth_user),
common_language(),
$this->user->id,
strtotime($this->notices[0]->created),
diff --git a/actions/shownotice.php b/actions/shownotice.php
index 9c5d83441..86df5f9f3 100644
--- a/actions/shownotice.php
+++ b/actions/shownotice.php
@@ -151,6 +151,7 @@ class ShownoticeAction extends OwnerDesignAction
strtotime($this->avatar->modified) : 0;
return 'W/"' . implode(':', array($this->arg('action'),
+ common_user_cache_hash(),
common_language(),
$this->notice->id,
strtotime($this->notice->created),
diff --git a/lib/action.php b/lib/action.php
index 5c4b4a7b7..5dcf78dcc 100644
--- a/lib/action.php
+++ b/lib/action.php
@@ -1018,17 +1018,22 @@ class Action extends HTMLOutputter // lawsuit
}
}
+ $checked = false;
if ($etag) {
$if_none_match = (array_key_exists('HTTP_IF_NONE_MATCH', $_SERVER)) ?
$_SERVER['HTTP_IF_NONE_MATCH'] : null;
- if ($if_none_match && $this->_hasEtag($etag, $if_none_match)) {
- header('HTTP/1.1 304 Not Modified');
- // Better way to do this?
- exit(0);
+ if ($if_none_match) {
+ // If this check fails, ignore the if-modified-since below.
+ $checked = true;
+ if ($this->_hasEtag($etag, $if_none_match)) {
+ header('HTTP/1.1 304 Not Modified');
+ // Better way to do this?
+ exit(0);
+ }
}
}
- if ($lm && array_key_exists('HTTP_IF_MODIFIED_SINCE', $_SERVER)) {
+ if (!$checked && $lm && array_key_exists('HTTP_IF_MODIFIED_SINCE', $_SERVER)) {
$if_modified_since = $_SERVER['HTTP_IF_MODIFIED_SINCE'];
$ims = strtotime($if_modified_since);
if ($lm <= $ims) {
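Review bot: The new guard `if ($if_none_match)` is a truthiness test, so an If-None-Match header whose value is `0` or empty leaves `$checked` false and the request still falls through to the If-Modified-Since comparison, which is the case the added comment says should be ignored. Since `$if_none_match` is `null` only when the header is absent, `if ($if_none_match !== null) {` would match the stated intent, assuming `_hasEtag()` simply returns false for a malformed value (it is defined outside this hunk). The flag name `$checked` also does not say what was checked; something like `$etag_checked` would let the later `!$checked && $lm && ...` condition be read on its own. The enclosing method starts and ends outside the hunk.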
diff --git a/lib/util.php b/lib/util.php
index 6d2e99b2a..e0457140e 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -494,6 +494,29 @@ function common_is_real_login()
return common_logged_in() && $_SESSION['real_login'];
}
+/**
+ * Get a hash portion for HTTP caching Etags and such including
+ * info on the current user's session. If login/logout state changes,
+ * or we've changed accounts, or we've renamed the current user,
+ * we'll get a new hash value.
+ *
+ * This should not be considered secure information.
+ *
+ * @param User $user (optional; uses common_current_user() if left out)
+ * @return string
+ */
+function common_user_cache_hash($user=false)
+{
+ if ($user === false) {
+ $user = common_current_user();
+ }
+ if ($user) {
+ return crc32($user->id . ':' . $user->nickname);
+ } else {
+ return '0';
+ }
+}
+
// get canonical version of nickname for comparison
function common_canonical_nickname($nickname)
{
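Review bot: `crc32()` in `common_user_cache_hash()` yields only 32 bits and is easy to collide, and the nickname half of its input is chosen by the user, so two accounts can produce the same value and therefore the same ETag for a personalised view. Whether an intermediary cache could then revalidate one user's stored copy for another depends on the Cache-Control/Vary headers, which are set outside this hunk and should be confirmed to mark these responses private. A wider digest such as `return substr(hash('sha256', $user->id . ':' . $user->nickname), 0, 16);` would also make both branches return a string as the docblock promises; `crc32()` returns an int, and a result of 0 would be indistinguishable from the logged-out `'0'`. The docblock should additionally state that only the default `false` triggers the `common_current_user()` lookup, while an explicit `null` (presumably what the API actions pass when `$this->auth_user` is unset) is treated as anonymous.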
diff --git a/plugins/Autocomplete/autocomplete.php b/plugins/Autocomplete/autocomplete.php
index 5a010572f..a4e2d9baa 100644
--- a/plugins/Autocomplete/autocomplete.php
+++ b/plugins/Autocomplete/autocomplete.php
@@ -79,6 +79,7 @@ class AutocompleteAction extends Action
function etag()
{
return '"' . implode(':', array($this->arg('action'),
+ common_user_cache_hash(),
crc32($this->arg('q')), //the actual string can have funny characters in we don't want showing up in the etag
$this->arg('limit'),
$this->lastModified())) . '"';