[ic] [timed-build] not working for logged in users

Peter peter at pajamian.dhs.org
Tue Jul 11 20:21:13 EDT 2006


On 07/11/2006 04:53 PM, Jon Jensen wrote:
> On Tue, 11 Jul 2006, Peter wrote:
> 
>>>> [auto] implies login=1, but will still abort if no session ID cookie 
>>>> has been sent. Use force=1 to ignore cookie status.
>>>
>>>
>>> Use force=1. Grant was looking for an explanation of why that's 
>>> necessary. My answer was and remains, read the code and use force=1 
>>> and don't put user-specific data in timed builds.
>>
>>
>> The problem with using force=1 is people without cookies will loose 
>> thier session if they follow any internal links, login=1 seems to be 
>> intended to remedy this by allowing logged in users to use the cache, 
>> but only if they send a session cookie.
> 
> 
> Yes. If you consider timed builds a necessity, including for logged-in 
> users (as I do for many sites) then you need to generate links on the 
> fly so that they can contain session IDs if necessary. We do this on a 
> few sites by having a wrapper around timed-build:
> 
> [unescape-tags]
> [timed-build ...]
> Body ... ~area some/path]...</a>
> [/timed-build]
> [/unescape-tags]
> 
> so that ~area is converted to [area and the reparsed.
> 
> It would be better to build something like this into [timed-build] 
> directly but I haven't found a way I like well enough to put into the core.

This is unnecessary overhead for people who have a session cookie, 
though, overhead that [timed-build] is designed to minimise.  It would 
be better to only do this for people who don't pass a session cookie.

[timed-build] as it is currently is designed to abort (not use the 
cache) for people without a session cookie if login=1 is passed (or if 
it isn't passed, but we're discussing using login=1 or auto=1 instead of 
force=1).  Since a very small number of users don't have cookies it is 
not a big deal (imo) to have the extra overhead of aborting 
[timed-build] for those users, also since this is the documented and 
coded functionality it's best (imo) to just leave it and fix the bugs in 
it rather than to try to add more functionality to make up for it.

The bug in this case (I haven't fully tested it so I can't say for sure) 
is that $Vend::Cookie is not being set (or is being unset) for logged in 
users somewhere, so the test for $Vend::Cookie is failing and the 
[timed-build] is aborting when login=1 is passed.

Peter


More information about the interchange-users mailing list