[ic] [timed-build] not working for logged in users
Peter
peter at pajamian.dhs.org
Tue Jul 11 21:15:25 EDT 2006
On 07/11/2006 05:54 PM, Jon Jensen wrote:
> On Tue, 11 Jul 2006, Peter wrote:
>
>>> If you consider timed builds a necessity, including for logged-in
>>> users (as I do for many sites) then you need to generate links on the
>>> fly so that they can contain session IDs if necessary. We do this on
>>> a few sites by having a wrapper around timed-build:
>>
>>
>> This is unnecessary overhead for people who have a session cookie,
>> though, overhead that [timed-build] is designed to minimise. It would
>> be better to only do this for people who don't pass a session cookie.
>>
>> [timed-build] as it is currently is designed to abort (not use the
>> cache) for people without a session cookie if login=1 is passed (or if
>> it isn't passed, but we're discussing using login=1 or auto=1 instead
>> of force=1). Since a very small number of users don't have cookies it
>> is not a big deal (imo) to have the extra overhead of aborting
>> [timed-build] for those users, also since this is the documented and
>> coded functionality it's best (imo) to just leave it and fix the bugs
>> in it rather than to try to add more functionality to make up for it.
>
> Your use case is not the same as mine, apparently. The cost to do even a
> single database query is vastly greater than the cost to interpolate
> some [area] tags. The cost to do a complex database query can be much,
> much higher, so saving that for even the relatively few logged-in users
> without cookies can be well worth the tiny cost.
Fair enough. So how about doing the best of both worlds? If there is a
session cookie there's no reason to go through and interpolate the
[area] tags. If there isn't then we can come up with some logic to do
that transparently, behind the scenes in [timed-build]?
>> The bug in this case (I haven't fully tested it so I can't say for
>> sure) is that $Vend::Cookie is not being set (or is being unset) for
>> logged in users somewhere, so the test for $Vend::Cookie is failing
>> and the [timed-build] is aborting when login=1 is passed.
>
> UserDB clears $Vend::Cookie at login time. I don't know why.
Then either that behavior should be fixed, or [timed-login] needs to be
changed so that it checks something more reliable than $Vend::Cookie.
The next step would probably be to determine if there is any other code
which relies on this strange behavior of $Vend::Cookie.
Peter
More information about the interchange-users
mailing list