authorBrion Vibber <brion@pobox.com>2010-09-20 13:42:58 -0700
committerBrion Vibber <brion@pobox.com>2010-09-20 13:42:58 -0700
commit64cdbe6c5578df1dc49d8e3dd72451ab0ac96bd2 (patch)
treef5e96cf37981093e762c745cd583f75950d842f5 /lib
parent2f38c9c99cb10be8fab28a624fa6f64cec6c0a9b (diff)
Ticket #2750: fixes to HTTP caching behavior across login/logout boundaries
* now ignoring if-modified-since if we failed an etag if-none-match comparison, per spec * now including a hash of user id/nickname in most etags, so we'll update the view properly after login/logout For API methods, checking the API-auth'ed user. (Many change results to include things like 'you're subscribed to this user' or 'this is one of your favorites', so user info is again needed) There'll still be some last-modified stamps that aren't including user info properly, probably.
Diffstat (limited to 'lib')
-rw-r--r--lib/action.php15
-rw-r--r--lib/util.php23
2 files changed, 33 insertions, 5 deletions
diff --git a/lib/action.php b/lib/action.php
index 5c4b4a7b7..5dcf78dcc 100644
--- a/lib/action.php
+++ b/lib/action.php
@@ -1018,17 +1018,22 @@ class Action extends HTMLOutputter // lawsuit
}
}
+ $checked = false;
if ($etag) {
$if_none_match = (array_key_exists('HTTP_IF_NONE_MATCH', $_SERVER)) ?
$_SERVER['HTTP_IF_NONE_MATCH'] : null;
- if ($if_none_match && $this->_hasEtag($etag, $if_none_match)) {
- header('HTTP/1.1 304 Not Modified');
- // Better way to do this?
- exit(0);
+ if ($if_none_match) {
+ // If this check fails, ignore the if-modified-since below.
+ $checked = true;
+ if ($this->_hasEtag($etag, $if_none_match)) {
+ header('HTTP/1.1 304 Not Modified');
+ // Better way to do this?
+ exit(0);
+ }
}
}
- if ($lm && array_key_exists('HTTP_IF_MODIFIED_SINCE', $_SERVER)) {
+ if (!$checked && $lm && array_key_exists('HTTP_IF_MODIFIED_SINCE', $_SERVER)) {
$if_modified_since = $_SERVER['HTTP_IF_MODIFIED_SINCE'];
$ims = strtotime($if_modified_since);
if ($lm <= $ims) {
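Review bot: The new `$checked` flag is set only inside `if ($if_none_match)`, so it records that an If-None-Match header was sent, and the name does not say that at the `!$checked` guard further down. Something like `$etagChecked` would read better there. The inline comment could state the rule directly: `// If-None-Match was sent: it takes precedence, so If-Modified-Since is skipped even when the ETag did not match.` It is also worth noting in that comment that a request carrying only If-Modified-Since still takes the date branch. The enclosing method starts and ends outside this hunk.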
diff --git a/lib/util.php b/lib/util.php
index 6d2e99b2a..e0457140e 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -494,6 +494,29 @@ function common_is_real_login()
return common_logged_in() && $_SESSION['real_login'];
}
+/**
+ * Get a hash portion for HTTP caching Etags and such including
+ * info on the current user's session. If login/logout state changes,
+ * or we've changed accounts, or we've renamed the current user,
+ * we'll get a new hash value.
+ *
+ * This should not be considered secure information.
+ *
+ * @param User $user (optional; uses common_current_user() if left out)
+ * @return string
+ */
+function common_user_cache_hash($user=false)
+{
+ if ($user === false) {
+ $user = common_current_user();
+ }
+ if ($user) {
+ return crc32($user->id . ':' . $user->nickname);
+ } else {
+ return '0';
+ }
+}
+
// get canonical version of nickname for comparison
function common_canonical_nickname($nickname)
{
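Review bot: `common_user_cache_hash()` returns an int from `crc32()` in the logged-in branch but the string `'0'` otherwise, although the docblock promises a string. On 32-bit PHP builds `crc32()` can also return a negative number, which would put a minus sign into the ETag. Returning `sprintf('%u', crc32($user->id . ':' . $user->nickname))` gives the same unsigned decimal string on every platform. A 32-bit checksum means two accounts can share a value, so the docblock should say that the hash only varies the cache validator and must not be relied on to keep one user's cached view apart from another's. The `@param` tag could read `User|false $user` to match the `false` default.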