Ticket #2750: fixes to HTTP caching behavior across login/logout boundaries

* now ignoring if-modified-since if we failed an etag if-none-match comparison, per spec * now including a hash of user id/nickname in most etags, so we'll update the view properly after login/logout For API methods, checking the API-auth'ed user. (Many change results to include things like 'you're subscribed to this user' or 'this is one of your favorites', so user info is again needed) There'll still be some last-modified stamps that aren't including user info properly, probably.
2010-09-20 13:42:58 -07:00
parent 2f38c9c99c
commit 64cdbe6c55
19 changed files with 50 additions and 5 deletions
--- a/lib/util.php
+++ b/lib/util.php
@@ -494,6 +494,29 @@ function common_is_real_login()
    return common_logged_in() && $_SESSION['real_login'];
 }

+/**
+ * Get a hash portion for HTTP caching Etags and such including
+ * info on the current user's session. If login/logout state changes,
+ * or we've changed accounts, or we've renamed the current user,
+ * we'll get a new hash value.
+ *
+ * This should not be considered secure information.
+ *
+ * @param User $user (optional; uses common_current_user() if left out)
+ * @return string
+ */
+function common_user_cache_hash($user=false)
+{
+    if ($user === false) {
+        $user = common_current_user();
+    }
+    if ($user) {
+        return crc32($user->id . ':' . $user->nickname);
+    } else {
+        return '0';
+    }
+}
+
 // get canonical version of nickname for comparison
 function common_canonical_nickname($nickname)
 {