-
-
Notifications
You must be signed in to change notification settings - Fork 7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reduce server load caused by anonymous viewing. #9059
Conversation
303fe53
to
d5db9d3
Compare
@nightpool Is this safe? |
I don't understand why we're coupling it to skip_session, that feels like
overloading the helper too much.
I'll have to think about safety a little bit more. at the very least, we
should make sure to add the logged in status to whatever cache key we're
sending.
…On Mon, Oct 22, 2018, 8:05 PM Eugen Rochko ***@***.***> wrote:
@nightpool <https://github.com/nightpool> Is this safe?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#9059 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAORVyto9Us_jfEIdU3tDshOGJo7D9mgks5unl1ZgaJpZM4X0ZW9>
.
|
This code is live on https://mastodon.lubar.me/ if you want to play around with it. It shouldn't be sending any cookies or showing anything that requires logging in on pages where |
d5db9d3
to
303fe53
Compare
The added The reason for this is that sessions aren't the only way to access private info, and tying the |
Do not start a session if the current user is not logged in for public-facing pages. Mark pages that don't care about sessions as publicly cacheable. Keep the max age as 0 so proxies and browsers will still try to retrieve an updated version but can still fall back to the stale version if the site is down or too slow. Fixes mastodon#9035.
Do not start a session if the current user is not logged in for public-facing pages. Mark pages that don't care about sessions as publicly cacheable. Keep the max age as 0 so proxies and browsers will still try to retrieve an updated version but can still fall back to the stale version if the site is down or too slow. Fixes mastodon#9035.
Do not start a session if the current user is not logged in for public-facing pages. Mark pages that don't care about sessions as publicly cacheable. Keep the max age as 0 so proxies and browsers will still try to retrieve an updated version but can still fall back to the stale version if the site is down or too slow. Fixes mastodon#9035.
Do not start a session if the current user is not logged in for public-facing pages.
Mark pages that don't care about sessions as publicly cacheable.
Keep the max age as 0 so proxies and browsers will still try to retrieve an updated version but can still fall back to the stale version if the site is down or too slow.
Fixes #9035.