Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Reduce server load caused by anonymous viewing. #9059

Merged
merged 1 commit into from
Mar 17, 2019

Conversation

BenLubar
Copy link
Contributor

Do not start a session if the current user is not logged in for public-facing pages.

Mark pages that don't care about sessions as publicly cacheable.

Keep the max age as 0 so proxies and browsers will still try to retrieve an updated version but can still fall back to the stale version if the site is down or too slow.

Fixes #9035.

@Gargron
Copy link
Member

Gargron commented Oct 23, 2018

@nightpool Is this safe?

@nightpool
Copy link
Member

nightpool commented Oct 23, 2018 via email

@BenLubar
Copy link
Contributor Author

This code is live on https://mastodon.lubar.me/ if you want to play around with it.

It shouldn't be sending any cookies or showing anything that requires logging in on pages where skip_session! is called.

@ClearlyClaire
Copy link
Contributor

The added skip_session calls seem fine, but I agree with @nightpool that skip_session should probably not call expires_in itself, and that should probably be made explicitly in the caller instead.

The reason for this is that sessions aren't the only way to access private info, and tying the expires_in call to skip_session seems error-prone to me.

Do not start a session if the current user is not logged in for public-facing pages.

Mark pages that don't care about sessions as publicly cacheable.

Keep the max age as 0 so proxies and browsers will still try to retrieve an updated version but can still fall back to the stale version if the site is down or too slow.

Fixes mastodon#9035.
@Gargron Gargron merged commit c3d1594 into mastodon:master Mar 17, 2019
hiyuki2578 pushed a commit to ProjectMyosotis/mastodon that referenced this pull request Oct 2, 2019
Do not start a session if the current user is not logged in for public-facing pages.

Mark pages that don't care about sessions as publicly cacheable.

Keep the max age as 0 so proxies and browsers will still try to retrieve an updated version but can still fall back to the stale version if the site is down or too slow.

Fixes mastodon#9035.
messenjahofchrist pushed a commit to Origin-Creative/mastodon that referenced this pull request Jul 30, 2021
Do not start a session if the current user is not logged in for public-facing pages.

Mark pages that don't care about sessions as publicly cacheable.

Keep the max age as 0 so proxies and browsers will still try to retrieve an updated version but can still fall back to the stale version if the site is down or too slow.

Fixes mastodon#9035.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
performance Runtime performance
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants