Commit 64cdbe6c authored by Brion Vibber's avatar Brion Vibber

Ticket #2750: fixes to HTTP caching behavior across login/logout boundaries

* now ignoring if-modified-since if we failed an etag if-none-match comparison, per spec
* now including a hash of user id/nickname in most etags, so we'll update the view properly after login/logout

For API methods, checking the API-auth'ed user. (Many change results to include things like 'you're subscribed to this user' or 'this is one of your favorites', so user info is again needed)

There'll still be some last-modified stamps that aren't including user info properly, probably.
parent 2f38c9c9
......@@ -357,6 +357,7 @@ class ApiDirectMessageAction extends ApiAuthAction
return '"' . implode(
':',
array($this->arg('action'),
common_user_cache_hash($this->auth_user),
common_language(),
strtotime($this->messages[0]->created),
strtotime($this->messages[$last]->created)
......
......@@ -213,6 +213,7 @@ class ApiGroupListAction extends ApiBareAuthAction
return '"' . implode(
':',
array($this->arg('action'),
common_user_cache_hash($this->auth_user),
common_language(),
$this->user->id,
strtotime($this->groups[0]->created),
......
......@@ -204,6 +204,7 @@ class ApiGroupListAllAction extends ApiPrivateAuthAction
return '"' . implode(
':',
array($this->arg('action'),
common_user_cache_hash($this->auth_user),
common_language(),
strtotime($this->groups[0]->created),
strtotime($this->groups[$last]->created))
......
......@@ -183,6 +183,7 @@ class ApiGroupMembershipAction extends ApiPrivateAuthAction
return '"' . implode(
':',
array($this->arg('action'),
common_user_cache_hash($this->auth_user),
common_language(),
$this->group->id,
strtotime($this->profiles[0]->created),
......
......@@ -149,6 +149,7 @@ class ApiGroupShowAction extends ApiPrivateAuthAction
return '"' . implode(
':',
array($this->arg('action'),
common_user_cache_hash($this->auth_user),
common_language(),
$this->group->id,
strtotime($this->group->modified))
......
......@@ -194,6 +194,7 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction
return '"' . implode(
':',
array($this->arg('action'),
common_user_cache_hash($this->auth_user),
common_language(),
$this->notice->id,
strtotime($this->notice->created))
......
......@@ -181,6 +181,7 @@ class ApiSubscriptionsAction extends ApiBareAuthAction
return '"' . implode(
':',
array($this->arg('action'),
common_user_cache_hash($this->auth_user),
common_language(),
$this->user->id,
isset($this->ids_only) ? 'IDs' : 'Profiles',
......
......@@ -259,6 +259,7 @@ class ApiTimelineFavoritesAction extends ApiBareAuthAction
return '"' . implode(
':',
array($this->arg('action'),
common_user_cache_hash($this->auth_user),
common_language(),
$this->user->id,
strtotime($this->notices[0]->created),
......
......@@ -346,6 +346,7 @@ class ApiTimelineFriendsAction extends ApiBareAuthAction
return '"' . implode(
':',
array($this->arg('action'),
common_user_cache_hash($this->auth_user),
common_language(),
$this->user->id,
strtotime($this->notices[0]->created),
......
......@@ -229,6 +229,7 @@ class ApiTimelineGroupAction extends ApiPrivateAuthAction
return '"' . implode(
':',
array($this->arg('action'),
common_user_cache_hash($this->auth_user),
common_language(),
$this->group->id,
strtotime($this->notices[0]->created),
......
......@@ -254,6 +254,7 @@ class ApiTimelineHomeAction extends ApiBareAuthAction
return '"' . implode(
':',
array($this->arg('action'),
common_user_cache_hash($this->auth_user),
common_language(),
$this->user->id,
strtotime($this->notices[0]->created),
......
......@@ -244,6 +244,7 @@ class ApiTimelineMentionsAction extends ApiBareAuthAction
return '"' . implode(
':',
array($this->arg('action'),
common_user_cache_hash($this->auth_user),
common_language(),
$this->user->id,
strtotime($this->notices[0]->created),
......
......@@ -311,6 +311,7 @@ class ApiTimelinePublicAction extends ApiPrivateAuthAction
return '"' . implode(
':',
array($this->arg('action'),
common_user_cache_hash($this->auth_user),
common_language(),
strtotime($this->notices[0]->created),
strtotime($this->notices[$last]->created))
......
......@@ -232,6 +232,7 @@ class ApiTimelineTagAction extends ApiPrivateAuthAction
return '"' . implode(
':',
array($this->arg('action'),
common_user_cache_hash($this->auth_user),
common_language(),
$this->tag,
strtotime($this->notices[0]->created),
......
......@@ -234,6 +234,7 @@ class ApiTimelineUserAction extends ApiBareAuthAction
return '"' . implode(
':',
array($this->arg('action'),
common_user_cache_hash($this->auth_user),
common_language(),
$this->user->id,
strtotime($this->notices[0]->created),
......
......@@ -151,6 +151,7 @@ class ShownoticeAction extends OwnerDesignAction
strtotime($this->avatar->modified) : 0;
return 'W/"' . implode(':', array($this->arg('action'),
common_user_cache_hash(),
common_language(),
$this->notice->id,
strtotime($this->notice->created),
......
......@@ -1018,17 +1018,22 @@ class Action extends HTMLOutputter // lawsuit
}
}
$checked = false;
if ($etag) {
$if_none_match = (array_key_exists('HTTP_IF_NONE_MATCH', $_SERVER)) ?
$_SERVER['HTTP_IF_NONE_MATCH'] : null;
if ($if_none_match && $this->_hasEtag($etag, $if_none_match)) {
header('HTTP/1.1 304 Not Modified');
// Better way to do this?
exit(0);
if ($if_none_match) {
// If this check fails, ignore the if-modified-since below.
$checked = true;
if ($this->_hasEtag($etag, $if_none_match)) {
header('HTTP/1.1 304 Not Modified');
// Better way to do this?
exit(0);
}
}
}
if ($lm && array_key_exists('HTTP_IF_MODIFIED_SINCE', $_SERVER)) {
if (!$checked && $lm && array_key_exists('HTTP_IF_MODIFIED_SINCE', $_SERVER)) {
$if_modified_since = $_SERVER['HTTP_IF_MODIFIED_SINCE'];
$ims = strtotime($if_modified_since);
if ($lm <= $ims) {
......
......@@ -494,6 +494,29 @@ function common_is_real_login()
return common_logged_in() && $_SESSION['real_login'];
}
/**
* Get a hash portion for HTTP caching Etags and such including
* info on the current user's session. If login/logout state changes,
* or we've changed accounts, or we've renamed the current user,
* we'll get a new hash value.
*
* This should not be considered secure information.
*
* @param User $user (optional; uses common_current_user() if left out)
* @return string
*/
function common_user_cache_hash($user=false)
{
if ($user === false) {
$user = common_current_user();
}
if ($user) {
return crc32($user->id . ':' . $user->nickname);
} else {
return '0';
}
}
// get canonical version of nickname for comparison
function common_canonical_nickname($nickname)
{
......
......@@ -79,6 +79,7 @@ class AutocompleteAction extends Action
function etag()
{
return '"' . implode(':', array($this->arg('action'),
common_user_cache_hash(),
crc32($this->arg('q')), //the actual string can have funny characters in we don't want showing up in the etag
$this->arg('limit'),
$this->lastModified())) . '"';
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment