Ticket #2750: fixes to HTTP caching behavior across login/logout boundaries

* now ignoring if-modified-since if we failed an etag if-none-match comparison, per spec
* now including a hash of user id/nickname in most etags, so we'll update the view properly after login/logout

For API methods, checking the API-auth'ed user. (Many change results to include things like 'you're subscribed to this user' or 'this is one of your favorites', so user info is again needed)

There'll still be some last-modified stamps that aren't including user info properly, probably.

1 files changed, 10 insertions, 5 deletions

diff --git a/lib/action.php b/lib/action.php
index 5c4b4a7b7..5dcf78dcc 100644
--- a/lib/action.php
+++ b/lib/action.php
@@ -1018,17 +1018,22 @@ class Action extends HTMLOutputter // lawsuit
             }
         }
 
+        $checked = false;
         if ($etag) {
             $if_none_match = (array_key_exists('HTTP_IF_NONE_MATCH', $_SERVER)) ?
               $_SERVER['HTTP_IF_NONE_MATCH'] : null;
-            if ($if_none_match && $this->_hasEtag($etag, $if_none_match)) {
-                header('HTTP/1.1 304 Not Modified');
-                // Better way to do this?
-                exit(0);
+            if ($if_none_match) {
+                // If this check fails, ignore the if-modified-since below.
+                $checked = true;
+                if ($this->_hasEtag($etag, $if_none_match)) {
+                    header('HTTP/1.1 304 Not Modified');
+                    // Better way to do this?
+                    exit(0);
+                }
             }
         }
 
-        if ($lm && array_key_exists('HTTP_IF_MODIFIED_SINCE', $_SERVER)) {
+        if (!$checked && $lm && array_key_exists('HTTP_IF_MODIFIED_SINCE', $_SERVER)) {
             $if_modified_since = $_SERVER['HTTP_IF_MODIFIED_SINCE'];
             $ims = strtotime($if_modified_since);
             if ($lm <= $ims) {