Logout bug when Guest caching is enabled

K a M a L

Active member
Affected version
2.1,2.2
The issue described here https://xenforo.com/community/threads/guest-page-caching.164816/ has been existing for a long time with no resolution .. I tried doing some troubleshooting to see the reason behind it because it was really annoying , I found the bug is very simple
at method PageCache->getCachedPage() .. there is a call $response->replaceHeaders($result['headers']);
result header will typically look like
Code:
array (size=5)
  'X-Frame-Options' => string 'SAMEORIGIN' (length=10)
  'X-Content-Type-Options' => string 'nosniff' (length=7)
  'Last-Modified' => string 'Mon, 06 Dec 2021 02:00:48 GMT' (length=29)
  'Expires' => string 'Thu, 19 Nov 1981 08:52:00 GMT' (length=29)
  'Cache-Control' => string 'private, no-cache, max-age=0' (length=28)

Last-Modified is coming from the cached response and it is the time when the cache file was created .. user browser already have a fresh cached version of index page ( just before logout ) .. the browser will display the internal data cached after the given Last-Modified without looking at the HTML response returned from the server.
simple resolution is unsetting
unset($result['headers']['Last-Modified']);
 
Last edited:

Hristo Avramov

Active member
The issue described here https://xenforo.com/community/threads/guest-page-caching.164816/ has been existing for a long time with no resolution .. I tried doing some troubleshooting to see the reason behind it because it was really annoying , I found the bug is very simple
at method PageCache->getCachedPage() .. there is a call $response->replaceHeaders($result['headers']);
result header will typically look like
Code:
array (size=5)
  'X-Frame-Options' => string 'SAMEORIGIN' (length=10)
  'X-Content-Type-Options' => string 'nosniff' (length=7)
  'Last-Modified' => string 'Mon, 06 Dec 2021 02:00:48 GMT' (length=29)
  'Expires' => string 'Thu, 19 Nov 1981 08:52:00 GMT' (length=29)
  'Cache-Control' => string 'private, no-cache, max-age=0' (length=28)

Last-Modified is coming from the cached response and it is the time when the cache file was created .. user browser already have a fresh cached version of index page ( just before logout ) .. the browser will display the internal data cached after the given Last-Modified without looking at the HTML response returned from the server.
simple resolution is unsetting
unset($result['headers']['Last-Modified']);

Hi,

Can you explain what do I need to edit exactly? I am not very good in this.
 

hongtrang

Member
The issue described here https://xenforo.com/community/threads/guest-page-caching.164816/ has been existing for a long time with no resolution .. I tried doing some troubleshooting to see the reason behind it because it was really annoying , I found the bug is very simple
at method PageCache->getCachedPage() .. there is a call $response->replaceHeaders($result['headers']);
result header will typically look like
Code:
array (size=5)
  'X-Frame-Options' => string 'SAMEORIGIN' (length=10)
  'X-Content-Type-Options' => string 'nosniff' (length=7)
  'Last-Modified' => string 'Mon, 06 Dec 2021 02:00:48 GMT' (length=29)
  'Expires' => string 'Thu, 19 Nov 1981 08:52:00 GMT' (length=29)
  'Cache-Control' => string 'private, no-cache, max-age=0' (length=28)

Last-Modified is coming from the cached response and it is the time when the cache file was created .. user browser already have a fresh cached version of index page ( just before logout ) .. the browser will display the internal data cached after the given Last-Modified without looking at the HTML response returned from the server.
simple resolution is unsetting
unset($result['headers']['Last-Modified']);
That's exactly what I'm getting if cachePage is enabled :(
Thanks for the solution you gave. It was perfect, problem solved. Thank you very much

Hi,

Can you explain what do I need to edit exactly? I am not very good in this.
You can edit the file:
Code:
/src/XF/PageCache.php
Line: 137
PHP:
public function getCachedPage(\XF\App $app)
    {
        $cacheId = $this->getCacheId();

        $result = $this->cache->fetch($cacheId);
        if (!$result)
        {
            return null;
        }

        if (!empty($result['sessionActivity']))
        {
            $activity = $result['sessionActivity'];

            /** @var \XF\Repository\SessionActivity $activityRepo */
            $activityRepo = $app->repository('XF:SessionActivity');
            $activityRepo->updateSessionActivity(
                \XF::visitor()->user_id, $this->request->getIp(),
                $activity['controller'], $activity['action'], $activity['params'], $activity['viewState'],
                $this->request->getRobotName()
            );
        }
        unset($result['headers']['Last-Modified']); //add to
        $response = $app->response();
        $response->contentType($result['contentType'], $result['charset']);
        $response->replaceHeaders($result['headers']);
        $response->header('Expires', gmdate('D, d M Y H:i:s', $result['expires']) . ' GMT');
        $response->header('X-XF-Cache-Status', 'HIT');

        $now = \XF::$time;
        $body = str_replace($result['csrfToken'], $app['csrf.token'], $result['body']);
        $body = str_replace("now: $result[date],", "now: $now,", $body);
        // accept that some dates might be slightly off

        $response->body($body);
        
        return $response;
    }
 
Top