[Mortar Issues] Issue 108 in mortar: Last-Modified Headers Don't Respect Sessions
0 views
Skip to first unread message
mor...@googlecode.com
May 24, 2010, 4:34:38 PM5/24/10
to mortar...@googlegroups.com
Status: New
Owner: ----
Labels: Type-Defect Priority-Medium
New issue 108 by charlequin: Last-Modified Headers Don't Respect Sessions
http://code.google.com/p/mortar/issues/detail?id=108
What steps will reproduce the problem?
1. Create two users, a and b.
2. Create a location c that has content only a can see.
3. Login as a.
4. View c.
5. Log out and log back in as b.
6. Navigate to the URL of c.
What is the expected output? What do you see instead?
You should see the version of c that b's permissions allow it to see, but
instead you see the original a version. This is because we send "last
modified" headers so that browsers can cache details, but these headers do
not take session into account -- they ought to check the time at which the
current session began and send that time if it's newer than the real
last-modified time.
--
You received this message because you are subscribed to the Google Groups "Mortar Issues" group.
To post to this group, send email to mortar...@googlegroups.com.
To unsubscribe from this group, send email to mortar-issue...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/mortar-issues?hl=en.
Owner: ----
Labels: Type-Defect Priority-Medium
New issue 108 by charlequin: Last-Modified Headers Don't Respect Sessions
http://code.google.com/p/mortar/issues/detail?id=108
What steps will reproduce the problem?
1. Create two users, a and b.
2. Create a location c that has content only a can see.
3. Login as a.
4. View c.
5. Log out and log back in as b.
6. Navigate to the URL of c.
What is the expected output? What do you see instead?
You should see the version of c that b's permissions allow it to see, but
instead you see the original a version. This is because we send "last
modified" headers so that browsers can cache details, but these headers do
not take session into account -- they ought to check the time at which the
current session began and send that time if it's newer than the real
last-modified time.
--
You received this message because you are subscribed to the Google Groups "Mortar Issues" group.
To post to this group, send email to mortar...@googlegroups.com.
To unsubscribe from this group, send email to mortar-issue...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/mortar-issues?hl=en.
mor...@googlecode.com
Jun 27, 2010, 3:55:07 AM6/27/10
to mortar...@googlegroups.com
Comment #1 on issue 108 by ted...@tedivm.com: Last-Modified Headers Don't
Respect Sessions
http://code.google.com/p/mortar/issues/detail?id=108
I think the way to handle this is going to be by removing this feature
altogether for indexes (and possibly other dynamic files) and instead to
rely on just the etags. This won't provide much in the way of CPU savings,
as the output will still have to be calculated, but it will still save
bandwidth.
Reply all
Reply to author
Forward
0 new messages