Guest page caching

arn said:
this will prevent Apache from returning a 304. And it might help. This isn't probably the best long term solution, but will narrow it down
Click to expand...
Thanks, this is fixing the problem for now. Logout is working fine with this.
Not sure what impact this will have as it completely disables 304 pages.
 
Mr. Jinx said:
Thanks, this is fixing the problem for now. Logout is working fine with this.
Not sure what impact this will have as it completely disables 304 pages.
Click to expand...
Yeah... I'm not sure it's the best long term solution. But it isolates the problem.

- Seeing as how the logout page is always the forum index, you could exclude in .htaccess that page alone in terms of unsetting the 304 response.

- I need to read more into it, but the Xenforo team might be able to figure out a better solution. It seems your browser, when it gets sent back to forum index, asks the web server if the page has been modified, and returns that it hasn't, even though you were previously logged in, and now you are logged out. The browser is then serving its local cached page (with you logged in). There may be some combination of header settings that could avoid this cc @Chris D

arn
 
@Mr. Jinx

Can you try this? Remove the .htaccess unset that you set before.

Xenforo already sets no-cache headers, so that logged in page shouldn't be cached by your browser anyway. But this adds these, so maybe it'll be more complete.

assuming your forum lives at:

Code: 
<FilesMatch "^(/)?$">
  Header set Cache-Control "no-cache, no-store, must-revalidate"
  Header set Pragma "no-cache"
  Header set Expires 0
</FilesMatch>

This adds those headers to root directory only.

If your forum lives in a subdircetory like https://xenforo.com/community/ it'll have to be different.

arn
 
Good idea, nice!
I think this can also be solved with a small add-on, sending the no-cache header only when logout it triggered.
That should fix the problem without modifying .htaccess.
 
Mr. Jinx said:
Good idea, nice!
I think this can also be solved with a small add-on, sending the no-cache header only when logout it triggered.
That should fix the problem without modifying .htaccess.
Click to expand...

Well in theory the no cache is already in place when your are logged in. So that page shouldn’t have been cached by your browser already.

So we have to pinpoint exactly why it’s not already working on some browsers.

If the latest htaccess change works we could see if there’s a header that’s missing on the current xf logged in pages.

arn
 
arn said:
Can you try this? Remove the .htaccess unset that you set before.
Click to expand...
Ok, I tried this and added the filesmatch part. My forum is in the root dir.
The index is now coming from cache again after logout, so this doesn't seem to work.
 
  • Like
Reactions: arn
Yeah... I looked into it more, and couldn't figure out why that would be happening.

In meanwhile,

Code: 
<FilesMatch "^(/)?$">
RequestHeader unset If-Modified-Since
</FilesMatch>

this is probably a reasonable work-around
 
hmm.. maybe the files match syntax is wrong. I didn't test it. in which case maybe that means the previous thing might work if the files match piece were correct.
 
Will this be fixed in the nearby future as it seems to be a general problem?

Btw, the correct FilesMatch command will not fix the problem as it also appears on other forum pages as soon as you navigate there after logging out.

Will setting a max-age for specific file type using
Code: 
Header set Cache-Control "max-age=xxxxxxx"
?
be overwritten by
Code: 
RequestHeader unset If-Modified-Since
if the latter one is applied for all files?

In this case, the problem would be even worse.[/CODE]
 
ForumGeek said:
Will this be fixed in the nearby future as it seems to be a general problem?
Click to expand...

That does not seem to be the case:

Chris D said:
It is not what we would describe as a "widespread issue" because, at best, we've had a handful of reports for it and it is not consistently reproducible on most installations that we've seen.
Click to expand...

Although we do see more people reporting the issue in this topic, it is not widespread.
And I don't agree with 'it is not consistently reproducable'. I can reprocude it every time and offered XF to take a look, but they say it is a server issue.
Anyway, I stopped playing with guest page caching as a result of this.
 
I tend to get this error when I try to log in:
Security error occurred. Please press back, refresh the page, and try again.
Click to expand...
I've tried reloading the page and it never works. It works if I clear the cache for my site and then reload it again. My cache program is part of Godaddy's website security. When I disable caching I don't have the issue so this error message is definitely related to caching. And based on what I've read here it's not just one web caching program since I don't use Litespeed nor Nginx, and it still happens.
 
Alright, it happened again. I'll describe the exact steps that led to it.

I started a thread, but before hitting the post button to post it, I just clicked on my username to log out. Then I hit the back button to go back to the previous page and then tried to log in again and I got the security error message. I've done this multiple times and each time the error message comes up. So there's at least one reliable way to reproduce the problem just in case the developers here are wondering how to do it. I'm sure there are other scenarios where this error comes up.
 
You must log in or register to reply here.

Similar threads

bzcomputers
  • Poll Poll
Guest Page Caching - Redis vs Cloudflare vs Other?
Replies
8
Views
541
MySiteGuy
MySiteGuy
nodle
Guest page caching
Replies
8
Views
686
digitalpoint
digitalpoint
nocte
  • Solved
XF 2.2 Guest page caching vs. Database replication
Replies
3
Views
456
Jeremy P
Jeremy P
jamalfree
  • Question Question
Guest page caching
Replies
1
Views
729
bzcomputers
bzcomputers
eva2000
  • Suggestion Suggestion
Compatibility for CSRF protection & Cloudflare full HTML page caching
2
Replies
30
Views
4K
digitalpoint
digitalpoint
Top Bottom