From 64cdbe6c5578df1dc49d8e3dd72451ab0ac96bd2 Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Mon, 20 Sep 2010 13:42:58 -0700
Subject: Ticket #2750: fixes to HTTP caching behavior across login/logout boundaries

* now ignoring if-modified-since if we failed an etag if-none-match comparison, per spec
* now including a hash of user id/nickname in most etags, so we'll update the view properly after login/logout

For API methods, checking the API-auth'ed user. (Many change results to include things like 'you're subscribed to this user' or 'this is one of your favorites', so user info is again needed)

There'll still be some last-modified stamps that aren't including user info properly, probably.
---
 lib/action.php | 15 ++++++++++-----
 lib/util.php | 23 +++++++++++++++++++++++
 2 files changed, 33 insertions(+), 5 deletions(-)

(limited to 'lib')

diff --git a/lib/action.php b/lib/action.php
index 5c4b4a7b7..5dcf78dcc 100644
--- a/lib/action.php
+++ b/lib/action.php
@@ -1018,17 +1018,22 @@ class Action extends HTMLOutputter // lawsuit
 }
 }

+ $checked = false;
 if ($etag) {
 $if_none_match = (array_key_exists('HTTP_IF_NONE_MATCH', $_SERVER)) ?
 $_SERVER['HTTP_IF_NONE_MATCH'] : null;
- if ($if_none_match && $this->_hasEtag($etag, $if_none_match)) {
- header('HTTP/1.1 304 Not Modified');
- // Better way to do this?
- exit(0);
+ if ($if_none_match) {
+ // If this check fails, ignore the if-modified-since below.
+ $checked = true;
+ if ($this->_hasEtag($etag, $if_none_match)) {
+ header('HTTP/1.1 304 Not Modified');
+ // Better way to do this?
+ exit(0);
+ }
 }
 }

- if ($lm && array_key_exists('HTTP_IF_MODIFIED_SINCE', $_SERVER)) {
+ if (!$checked && $lm && array_key_exists('HTTP_IF_MODIFIED_SINCE', $_SERVER)) {
 $if_modified_since = $_SERVER['HTTP_IF_MODIFIED_SINCE'];
 $ims = strtotime($if_modified_since);
 if ($lm <= $ims) {
diff --git a/lib/util.php b/lib/util.php
index 6d2e99b2a..e0457140e 100644
--- a/lib/util.php
+++ b/lib/util.php
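Review bot: The `$checked` flag added to the If-None-Match branch in lib/action.php has a name and comment that do not say which rule it implements. It is the only thing stopping a date-only 304 after a failed etag comparison, and a wrong 304 here leaves the browser showing a page rendered for a different login state. Rename it to something like `$etag_checked` and reword the comment to `// If-None-Match was sent: RFC 2616 section 14.26 says If-Modified-Since must then be ignored, even when no etag matched.` The enclosing method starts and ends outside this hunk, so whether the etag itself varies by user cannot be confirmed from these lines.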
@@ -494,6 +494,29 @@ function common_is_real_login()
 return common_logged_in() && $_SESSION['real_login'];
 }

+/**
+ * Get a hash portion for HTTP caching Etags and such including
+ * info on the current user's session. If login/logout state changes,
+ * or we've changed accounts, or we've renamed the current user,
+ * we'll get a new hash value.
+ *
+ * This should not be considered secure information.
+ *
+ * @param User $user (optional; uses common_current_user() if left out)
+ * @return string
+ */
+function common_user_cache_hash($user=false)
+{
+ if ($user === false) {
+ $user = common_current_user();
+ }
+ if ($user) {
+ return crc32($user->id . ':' . $user->nickname);
+ } else {
+ return '0';
+ }
+}
+
 // get canonical version of nickname for comparison
 function common_canonical_nickname($nickname)
 {
-- cgit v1.2.3-54-g00ecf
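Review bot: `common_user_cache_hash()` documents `@return string`, but its logged-in branch returns the integer from `crc32()`. On 32-bit PHP builds that integer is negative for roughly half of all inputs, so the same user can produce different etag fragments on different hosts. Returning `sprintf('%u', crc32($user->id . ':' . $user->nickname))` gives an unsigned decimal string on every platform and matches the `'0'` returned for anonymous requests. The docblock should also read `@param User|false $user`. It should state that CRC32 is a 32-bit checksum, so distinct accounts can collide; the value only separates cache entries and must never serve as an identity or authorization check.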