Re: Reading cookies

From: Fabio Bacigalupo <fabio.bacigalupo#gmail.com>
Date: Tue, 1 Jul 2008 14:35:34 +0200


Hey all,

thank you for the numerous responses!

On Sunday, 29 June 2008, Aleksandar Lazic wrote:
> acl anon hdr_reg(cookie) ANON
> ...
> 1.) when will the ANON cookie be killed?

I see one difficulty working with a cookie for anonymous users. Let me break this down further.

I want to minimize the number of requests made to the backend. Assume we have a first-time user. It will be a guest. He does not have a cookie yet. So I pass him to the backend just to see that it is a guest and give away an ANON cookie.

If I instead by default only give a cookie to logged-in members, this guest would be served from the very first request through the (proxy) cache.

> 2.) isn't there a better way, for example based on the login URL, to make
> this decision?

In our case I don't think using the login URL will work. The URL is accessible for both guests and logged-in users. Guests will see a "login right now" screen. Logged-in members will be redirected to their profile. This is nothing I can change as it is a basic part of the architecture of the application.

On Monday, 30 June 2008, Patrick Viet wrote:
> cookie without a lookup cannot be reliable in a security based approach
> Let's hope that the caching proxy only accelerates and that the only
> consequence would be to bypass it and directly hit the dynamic content
> servers - loading them slightly more

Yes, the caching proxy is only there to accelerate things and to reduce load on the backend servers.

I think I will try to set up a scenario with an extra cookie for logged-in users. I'll let you know how / if it works.

Ciao
Fabio.

-- 
http://www.podcast.de
http://twitter.com/OpenHaus
Received on 2008/07/01 14:35
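
Added example, not part of the original message or of anyone's actual configuration: a minimal HAProxy sketch of the scheme described above, where only logged-in users carry an extra cookie and everyone else is served through the cache. The cookie name LOGGEDIN, the backend names and the addresses are assumptions made for illustration.

```haproxy
# Added example. Assumed names: cookie LOGGEDIN, backends be_app / be_cache.
# Addresses are documentation placeholders (192.0.2.0/24).
frontend www
    bind :80
    mode http

    # The cookie is sent by the client and is not verified here, so it is
    # only a routing hint. hdr_sub is a substring match on the Cookie header.
    acl has_login_cookie hdr_sub(cookie) LOGGEDIN=

    # Only GET and HEAD are candidates for the cache; a login form POST
    # from a guest (who has no cookie yet) must reach the application.
    acl cacheable_method method GET HEAD

    # Routing on cookie presence fails in the safe direction: a forged
    # cookie only bypasses the cache and adds load on the app servers.
    use_backend be_app if has_login_cookie
    use_backend be_app if !cacheable_method

    # Guests, including first-time visitors without any cookie, are
    # served through the caching proxy from the very first request.
    default_backend be_cache

backend be_cache
    mode http
    # Caching proxy in front of the application (placeholder address).
    server cache1 192.0.2.10:8080

backend be_app
    mode http
    # Application servers (placeholder address). They still look up the
    # real session; the LOGGEDIN cookie grants nothing by itself.
    server app1 192.0.2.20:8080
```

For this to stay safe, the application must also mark responses generated for logged-in users as not cacheable, so that a request arriving without the cookie can never be answered from the cache with another user's content.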
