Reduce server load caused by anonymous viewing. #9059

Merged
merged 1 commit into from Mar 17, 2019


@BenLubar
Contributor

commented Oct 22, 2018

Do not start a session if the current user is not logged in for public-facing pages.

Mark pages that don't care about sessions as publicly cacheable.

Keep the max age as 0 so proxies and browsers will still try to retrieve an updated version but can still fall back to the stale version if the site is down or too slow.

Fixes #9035.

@BenLubar BenLubar force-pushed the BenLubar-PR:public_cache branch from 303fe53 to d5db9d3 Oct 22, 2018
@Gargron

Member

commented Oct 23, 2018

@nightpool Is this safe?

@nightpool

Collaborator

commented Oct 23, 2018

@BenLubar

Contributor Author

commented Oct 23, 2018

This code is live on https://mastodon.lubar.me/ if you want to play around with it.

It shouldn't be sending any cookies or showing anything that requires logging in on pages where `skip_session!` is called.

@BenLubar BenLubar force-pushed the BenLubar-PR:public_cache branch from d5db9d3 to 303fe53 Oct 23, 2018
@Gargron Gargron added the performance label Oct 23, 2018
@ThibG

Collaborator

commented Nov 24, 2018

The added `skip_session` calls seem fine, but I agree with @nightpool that `skip_session` should probably not call `expires_in` itself, and that should probably be made explicitly in the caller instead.

The reason for this is that sessions aren't the only way to access private info, and tying the `expires_in` call to `skip_session` seems error-prone to me.

app/controllers/application_controller.rb (review comment: outdated, resolved)
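
The property discussed in this thread (pages marked publicly cacheable should not send cookies, and keep the max age at 0) can be checked from outside by inspecting response headers. The Ruby sketch below is an added example, not code from this pull request; the function names are hypothetical and the paths and header values are constructed.

```ruby
# Added example: audit headers of responses that claim to be publicly cacheable.
# Header names are standard HTTP; everything in SAMPLES is constructed.

# Parse a Cache-Control value into { directive => argument } (true when bare).
def parse_cache_control(value)
  value.to_s.split(',').each_with_object({}) do |part, out|
    name, arg = part.strip.split('=', 2)
    next if name.nil? || name.empty?
    out[name.downcase] = arg ? arg.delete('"') : true
  end
end

# Return findings for one response. Header names are matched case-insensitively.
def audit_public_response(headers)
  h = headers.each_with_object({}) { |(k, v), out| out[k.to_s.downcase] = v }
  cc = parse_cache_control(h['cache-control'])
  return [] unless cc['public'] # only publicly cacheable responses are in scope

  findings = []
  # A shared cache may replay this response, cookie included, to other visitors.
  findings << 'public response sets a cookie' if h.key?('set-cookie')
  findings << 'public and private are both present' if cc['private']
  # The PR keeps max-age at 0 so caches revalidate before reusing a copy.
  findings << 'max-age is not 0' unless cc['max-age'] == '0'
  findings
end

# Audit a { path => headers } map and return { path => findings }.
def audit_all(responses)
  responses.transform_values { |headers| audit_public_response(headers) }
end

# Constructed sample responses (hypothetical paths and cookie values).
SAMPLES = {
  '/public-ok'     => { 'Cache-Control' => 'max-age=0, public' },
  '/public-cookie' => { 'Cache-Control' => 'max-age=0, public',
                        'Set-Cookie' => '_session_id=CONSTRUCTED; path=/; HttpOnly' },
  '/public-long'   => { 'cache-control' => 'public, max-age=3600' },
  '/private-page'  => { 'Cache-Control' => 'private, no-store',
                        'Set-Cookie' => '_session_id=CONSTRUCTED; path=/' }
}.freeze

audit_all(SAMPLES).each do |path, findings|
  puts "#{path}: #{findings.empty? ? 'ok' : findings.join('; ')}"
end
```
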
@BenLubar BenLubar force-pushed the BenLubar-PR:public_cache branch from 2a2e032 to 6248f69 Mar 16, 2019
@ThibG
ThibG approved these changes Mar 17, 2019
@Gargron Gargron merged commit c3d1594 into tootsuite:master Mar 17, 2019
11 checks passed
ci/circleci: build Your tests passed on CircleCI!
ci/circleci: check-i18n Your tests passed on CircleCI!
ci/circleci: install Your tests passed on CircleCI!
ci/circleci: install-ruby2.4 Your tests passed on CircleCI!
ci/circleci: install-ruby2.5 Your tests passed on CircleCI!
ci/circleci: install-ruby2.6 Your tests passed on CircleCI!
ci/circleci: test-ruby2.4 Your tests passed on CircleCI!
ci/circleci: test-ruby2.5 Your tests passed on CircleCI!
ci/circleci: test-ruby2.6 Your tests passed on CircleCI!
ci/circleci: test-webui Your tests passed on CircleCI!
codeclimate All good!
hiyuki2578 added a commit to ProjectMyosotis/mastodon that referenced this pull request Oct 2, 2019