3

I did a GetVaryByCustomString that returns:

context.User.Identity.IsAuthenticated.ToString();

But I have a big problem, imagine this flow:

  1. The user(or anyone) access the home page. GetVaryByCustomString will return "false" and cache that. Every time that somebody ask if home page changed, will return 304.

  2. I login at site and go to Home Page, GetVaryByCustomString returns "true" then cache isn´t used. Every time that I go to Home Page, ASP.NET returns me 304.

  3. I logout, and go to Home Page, now GetVaryByCustomString returns 304, because of step one, but the OutputCache don´t know that the cache that I have, is from logged user.

If I press Ctrl+F5, it works, since that the problem is in browser/server, the server side cache is OK. But it return 304, and I have a logged page cached.

There is any solution? Or do I need to stop caching authenticated users?

UPDATE: I think that cache for mutable values just doesn´t work. It need that browsers do they cache by this values too....And don´t exists Vary by Cookies...

Felipe Pessoto
  • 6,855
  • 10
  • 42
  • 73
  • Personally, I recommend not caching for authenticated users (but still caching static resources for them). That's how Stack Overflow/Stack Exchange does it. – Maxim Zaslavsky Mar 14 '12 at 02:49
  • I tried to cache just at server for auth users, but it seems to have a bug, returning 304 + no-cache. Now I don´t cache for logged users and everything is ok. – Felipe Pessoto Mar 14 '12 at 03:28

2 Answers2

1

What we did eventually is what most websites including SO does: cache the page with ZERO info about current user.

Using AJAX, get who's the current user and manipulate the page according to them.

Example: follow/unfollow button on a member profile. Render the cached page with no logic of who's the current user implemented. Once the page loads, hit the server with an AJAX checking whether the current user is following or not and accordingly change the button state.

Korayem
  • 12,108
  • 5
  • 69
  • 56
0

As a workaround you might keep track that the user is already logged out, and provide different output for the user.

While it is true that you want the logged out user the same page as a user that has never logged in, still you might use the same page but add some whitespace that is anyway ignored by the browser.

You might keep track from a logged out user by the means of a cookie or session variable, however if after logging out you are immediately redirecting to the home page then you can use the MVC TempData which is perfect for that since you need only during the redirect and even after refreshing the page (and in classic ASP.Net you can use the query string instead)

EDIT: I have just realized that you base directly on the authentication system and as such it might be much harder to implement something custom like the one above, and as such I would disregard my answer, although I would still encourage you to check if you can attach a query string parameter to your urls.

However as you are in MVC if I am correct the OutputCache filter on an action method should work in conjunction with the Authorize filter even without the getvartbycustomstring and it is possible that this does not have the problem , but in case I am wrong you have the option in MVC to write a custom one.

Also you might consider the fact that anything rendered by html.renderAction is not part of the cache by default and you have to workaround it, so you might try this for a solution if your logged in version is very close to your not logged in version.

yoel halb
  • 12,188
  • 3
  • 57
  • 52
  • Actually Home Page was just a example. I need it at all pages. I think that I will need to cache just at server when user is logged in – Felipe Pessoto Mar 14 '12 at 01:25
  • If the OutputCache filter on the action methods is a solution then your problem should be solved completely – yoel halb Mar 14 '12 at 01:47