caching and partitioning of user credentials

John DeStefano john.destefano at gmail.com
Mon Jul 12 12:24:17 PDT 2010


Hi Russ,

On Mon, Jul 12, 2010 at 1:51 PM, Russ Allbery
<eagle at windlord.stanford.edu> wrote:
> What memory caching method are you using and how did you enable it?  It
> sounds like your memory caching method is not aware of either dynamic
> content or different authentication cookies for different users and hence
> is just handing out whatever page it last cached even though the
> authentication context of the user has changed.

I'm quite sure this is the case.  We had tried some memory caching in
Apache, and I believe a custom header was being appended to cache
_everything_ when it shouldn't have.  Here is an alternate
configuration; please let me know if there's still something here that
shouldn't be with regard to the scope of authentication, esp. the last
line:

## --- cache configuration ---
# this should be fairly standard and benign:
CacheEnable mem /
MCacheSize 20480
MCacheRemovalAlgorithm LRU
CacheLastModifiedFactor 0.1
CacheDefaultExpire 1
CacheMaxExpire 3600
CacheDirLength 2
## For plain HTTP:
ExpiresActive On
ExpiresByType image/gif A3600
ExpiresByType image/png A3600
ExpiresByType image/jpeg A3600
ExpiresByType text/css A3600
ExpiresByType text/javascript A3600
ExpiresByType application/x-javascript A3600
## and here's a line I want to make sure isn't doing bad things ...
## any possibility that this might cache an auth cookie?
SetEnvIfNoCase Request_URI "\.(?:gif|jpe?g|png|css|js)$" cache-it
## --- end cache configuration ---

Thanks, as always,
~John
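
Added example, not part of the original message: a toy Python model of the failure Russ describes (a cache keyed on the URI alone) and of which requests the `SetEnvIfNoCase` pattern tags. The tag stores nothing by itself; what gets cached depends on whichever directive consumes `cache-it`, which the message does not show. The cookie name, users, paths and the `SharedCache` class are constructed for illustration.

```python
import re

# Pattern copied from the SetEnvIfNoCase line in the message above.
CACHE_IT = re.compile(r"\.(?:gif|jpe?g|png|css|js)$", re.IGNORECASE)
AUTH_COOKIE = "webauth_at"  # assumed cookie name, for illustration only


def tagged_cache_it(request_target):
    """True if the request would get the cache-it variable.

    mod_setenvif matches Request_URI against the path without the query string.
    """
    return bool(CACHE_IT.search(request_target.split("?", 1)[0]))


def backend(uri, cookies):
    """Constructed stand-in for the application: output depends on the user."""
    return f"{uri} for {cookies.get(AUTH_COOKIE, 'anonymous')}"


class SharedCache:
    """Toy cache keyed on the URI alone, as a cookie-unaware cache would be."""

    def __init__(self, auth_aware):
        self.auth_aware = auth_aware
        self.store = {}

    def get(self, uri, cookies):
        # Auth-aware mode: authenticated requests are cached only when tagged static.
        if self.auth_aware and AUTH_COOKIE in cookies and not tagged_cache_it(uri):
            return backend(uri, cookies)
        if uri not in self.store:
            self.store[uri] = backend(uri, cookies)
        return self.store[uri]


def second_user_sees(auth_aware, uri="/portal/home"):
    """Alice requests uri first; return what Bob gets for the same uri."""
    cache = SharedCache(auth_aware)
    cache.get(uri, {AUTH_COOKIE: "alice"})
    return cache.get(uri, {AUTH_COOKIE: "bob"})


if __name__ == "__main__":
    for target in ("/img/logo.PNG", "/portal/home", "/portal/prefs.js?v=2"):
        print(target, "->", "cache-it" if tagged_cache_it(target) else "untagged")
    print("cookie-unaware:", second_user_sees(False))
    print("auth-aware:    ", second_user_sees(True))
    print("per-user .js:  ", second_user_sees(True, "/portal/prefs.js"))
```

The last case shows the limit of classifying by suffix: a response generated per user under a `.js` URL is still shared between users, so the tag is only safe for content that is identical for everyone.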



More information about the webauth-info mailing list