Double User Login Across Different Machines
Double User Login Across Different Machines
Thursday 05 July 2012 11:47:17 pm - 3 replies
The Problem:
User A Logs in and is on the homepage on computer A...
in the header it says the user's name, "User A"
User B Logs in and is on the homepage on computer B...
in the header it says the user's name, "User B
User A refreshes the homepage on computer A...
in the header the user's name has changed to "User B"!
and he has the abilities that User B has.
User A has apparently been somehow logged in as User B!
Even though they're on different computers!
User A can now navigate the entire site as User B despite their never having logged in as that user.
Note:
Turning off View Cache stops the issue, but load times suffer severely.
Specs:
I'm using EzPublish 4.6.0 Beta
I'm running it on WAMP with Apache 2.2.21 and PHP 5.3.4
What can I do so that the view cache is on but user's sessions aren't carried over to other user's computers!?
Modified on Thursday 05 July 2012 11:49:50 pm by Edgar Muentes
Friday 06 July 2012 10:57:59 am
The cacheing is unaware of user-level caching by default.
What we do is set a cache block witha ttl of zero for the content that we don't want to cache (such as some menu items, etc). Then we use a key to set the specifics to make conditional caching (actually, multiple cache files. you can skip the ttl=0 and still get cache blocks unique to users
Here is an example to get you started:
<span class="line">{cache-block keys=array( $uri_string, $current_user.contentobject_id )}</span><span class="line">...</span><span class="line">{/cache-block}</span>
This example essentially creates this block separately for every user. It is example 4 from:
Please keep in mind that if you have included templates inside of other templates and start muddling with cache blocks, then you could have a situation where block B is inside of block A and even though you have conditional caching for block B, if block A is not conditional, then the end result is that block B is just a single cache block as well (only cached the time that block A was cached.
Tuesday 10 July 2012 1:14:39 am
To get you started: view templates and pagelayout templates are different beasts.
The view cache applies to view templates. It is calculated taking into account view parameters and permissions of current user. If another user from the same groups logs in, he will see view cache possibly generated earlier by anther user.
That's why you never display username in a view-template, but only in pagelayout template (and the templates included from it)
You must be logged in to post messages in this topic!