OutputCache for the user. Error while logging out
I got GetVaryByCustomString which returns:
context.User.Identity.IsAuthenticated.ToString();
But I have a big problem, imagine this thread:
-
The user (or anyone) gets access to the home page. GetVaryByCustomString will return false and cache. Every time someone asks if the homepage has changed, 304 will return.
-
I go to the site and go to the home page, GetVaryByCustomString returns "true" then the cache is not used. Every time I go to the master page, ASP.NET returns 304 for me.
-
I log out and go to the home page, now GetVaryByCustomString returns 304 because of the first step, but the OutputCache doesn't know that the cache I have is owned by the logged in user.
If I press Ctrl + F5 it works as the problem is in the browser / server, the server side cache is fine. But it returns 304 and I have a cache page registered.
Is there any solution? Or do I need to stop caching authenticated users?
UPDATE: I think the cache for mutable values โโjust doesn't work. Browsers need to cache these values โโas well ... And there is no Vari with Cookies ...
source to share
We ended up doing what most websites, including SO: cache a page with ZERO information about the current user.
Using AJAX, find out who the current user is and manage the page accordingly.
Example: follow / unfollow button on a member's profile. Display the cached page without the logic of who was currently implemented. Once the page is loaded, push to the server using AJAX checking if the current user is match or not and change the state of the button accordingly.
source to share
As a workaround, you can track that the user is already logged out and provide different results to the user.
While it is true that you want the logged out user on the same page as the user who has never logged in, you can still use the same page, but add some spaces that are ignored by the browser anyway ...
You can track the user who logged out using a cookie or session variable, however, if after logging out you are immediately redirected to the home page, you can use MVC TempData which is perfect for this as you only need during the redirect and even after refreshing the page (and in classic ASP.Net you can use a query string)
EDIT: I just realized that you are relying directly on the authentication system and as such it would be much more difficult to implement something conventional like above and as such I would ignore my answer even though I would still recommend you check if you can attach query string parameter to your urls.
However, since you are in MVC, if I am correct the OutputCache filter for the action method should work in conjunction with the authorization filter even without getvartbycustomstring, and it is quite possible that this does not have a problem, but in case I am wrong you have the option in MVC write custom.
Also you might be thinking that whatever html.renderAction renders is not part of the default cache and you have to workaround, so you can try this for a solution if your input version is very close to your logged in version.
source to share