Always load from shared cache problems #1676
Comments
Yes, but it could be which is why basically every reverse caching proxy disables caching in those cases. We do the same. If you want caching, don't use any authorization. Simple.
No that's not correct. If you're logged in, you never get anything from the cache unless you checked the always load from cache checkbox. |
That's what the issue is about. According to @tabcontao , he enabled always load from cache - but no cache entry is created, when an authorization header is present - even though pages are served from the cache with that configuration, if already present in the cache. |
|
Yes, that's correct. It does what the checkbox says: It always loads from cache. It will never save to it because that's potentially very dangerous. |
|
Well, activating always load from cache is dangerous too and you only do it if you know what you are doing, right? ;). If you protect a site behind authorization, but never show any user specific content, it seems valid to me to always load all pages from the cache. But those cache entries would currently never be created in the first place. |
|
Well, I checked the always load from cache checkbox because I want to use the cache although I use authorization. I thought this is the purpose of this checkbox. What else should it be good for? It may well be that other disable caching in those cases. Anyway, just thought it is a little odd. I can quite easily manage to live with the state being. I can populate the cache by e.g. temporarily blocking all other IPs and removing the access control, and load all the pages via a crawler. Their contents basically never change, There will only be additional pages added once in a while. |
|
The only purpose of this checkbox is to serve pages from the cache even though you're logged in. However, creating cache entries when you're logged in is extremely dangerous. There's no way this is going to get any support from my side. If you want to do that, you have a highly special use case and you really need to understand what you're doing. Feel free to add your own |
|
Ok, let's just forget it. |
Affected version(s)
Contao 4.9
Description
When I activate the setting "always load from shared cache" for the root page, none of my pages are cached any more. No matter if there are cookies or not. Actually, a session cookie (PHPSESSID) will be created on the first request, although there is no reason for it. This will be fixed by Fix the wrong CSRF token storage being wired #1625
After applying the fix mentioned above, pages are always loaded from shared cache. So far, so good. But, if a page request contains an authorization header and the page is not yet in the shared cache, it will not be cached. Bug or feature? I tend to think of it as a bug. Why not store the page in the shared cache? It should not contain personalized content anyway! In my very special case I protect the entire website by a HTTP basic authentication via .htaccess and .htpasswd and this prevents all my pages from being cached, although none of them contains personalized content.
I think this in not a consistent behaviour in normal cases as well. A member might be logged in and request a page. He will load it from cache if it is already cached. If it is not yet cached, his request won't change this, so he will never be able to load it from shared cache - until a guest requests the same page and it is stored in cache. From this moment the logged in member will load the page from cache. Makes not much sense IMHO. If I can load it from cache, I should also be able to store it in cache.
See also https://community.contao.org/de/showthread.php?76226-Contao-Cache-immer-quot-private-quot-kein-public-shared-Cache-m%C3%B6glich
The text was updated successfully, but these errors were encountered: