[ic] [timed-build] not working for logged in users

Peter peter at pajamian.dhs.org
Tue Jul 11 21:15:25 EDT 2006 

On 07/11/2006 05:54 PM, Jon Jensen wrote:
> On Tue, 11 Jul 2006, Peter wrote:
> 
>>> If you consider timed builds a necessity, including for logged-in 
>>> users (as I do for many sites) then you need to generate links on the 
>>> fly so that they can contain session IDs if necessary. We do this on 
>>> a few sites by having a wrapper around timed-build:
>>
>>
>> This is unnecessary overhead for people who have a session cookie, 
>> though, overhead that [timed-build] is designed to minimise.  It would 
>> be better to only do this for people who don't pass a session cookie.
>>
>> [timed-build] as it is currently is designed to abort (not use the 
>> cache) for people without a session cookie if login=1 is passed (or if 
>> it isn't passed, but we're discussing using login=1 or auto=1 instead 
>> of force=1).  Since a very small number of users don't have cookies it 
>> is not a big deal (imo) to have the extra overhead of aborting 
>> [timed-build] for those users, also since this is the documented and 
>> coded functionality it's best (imo) to just leave it and fix the bugs 
>> in it rather than to try to add more functionality to make up for it.
> 
> Your use case is not the same as mine, apparently. The cost to do even a 
> single database query is vastly greater than the cost to interpolate 
> some [area] tags. The cost to do a complex database query can be much, 
> much higher, so saving that for even the relatively few logged-in users 
> without cookies can be well worth the tiny cost.

Fair enough.  So how about doing the best of both worlds?  If there is a 
session cookie there's no reason to go through and interpolate the 
[area] tags.  If there isn't then we can come up with some logic to do 
that transparently, behind the scenes in [timed-build]?

>> The bug in this case (I haven't fully tested it so I can't say for 
>> sure) is that $Vend::Cookie is not being set (or is being unset) for 
>> logged in users somewhere, so the test for $Vend::Cookie is failing 
>> and the [timed-build] is aborting when login=1 is passed.
> 
> UserDB clears $Vend::Cookie at login time. I don't know why.

Then either that behavior should be fixed, or [timed-login] needs to be 
changed so that it checks something more reliable than $Vend::Cookie.

The next step would probably be to determine if there is any other code 
which relies on this strange behavior of $Vend::Cookie.

Peter

More information about the interchange-users mailing list