[英]How does qz.com display cached content while being signed in? (No Javascript)
So I've been exploring the infrastructure of many websites again recently and started examining http response headers very closely.因此,我最近再次探索了许多网站的基础架构,并开始非常仔细地检查 http 响应标头。
After doing this for so long, I felt it was was very clear that if you were logged into a website, it could not display a cached main document page from Fastly while displaying dynamic content at the same time.做了这么久,我觉得很明显,如果你登录到一个网站,它不能在显示动态内容的同时显示来自 Fastly 的缓存主文档页面。 Turns out, I was wrong.原来,我错了。
The only way I can see this being possible is serving a cached page based off of some cookie (which I feel like I read somewhere that it's not secure, but tell me if I'm wrong)我认为这是可能的唯一方法是根据一些 cookie 提供缓存页面(我觉得我在某处读到它不安全,但如果我错了,请告诉我)
Also, I understand that qz.com is a Javascript app, but I found this when I had Javascript disabled.另外,我知道 qz.com 是一个 Javascript 应用程序,但是当我禁用 Javascript 时我发现了这个。 When I had Javascript disabled and navigated around the website while signed it, it still showed an indicator that I was signed in. After disabling cookies, the sign-in indicator left.当我禁用 Javascript 并在签名时浏览网站时,它仍然显示我已登录的指示符。禁用 cookies 后,登录指示符离开。
While I was navigating to new pages after signing in, it looks like the cache is simply served based off of your cookie considering the age started at 0 after signing in and then went up.虽然我在登录后导航到新页面,但考虑到登录后年龄从 0 开始然后上升,看起来缓存只是根据您的 cookie 提供的。 (I think it reset) (我认为它重置)
If that's not the case, can anyone give me insight as to how this could be done?如果不是这样,谁能告诉我如何做到这一点?
I've read this https://www.section.io/docs/modules/varnish-cache/how-tos/dynamic-caching/ and I'm betting that the answer is somewhere written in this doc/article.我读过这篇https://www.section.io/docs/modules/varnish-cache/how-tos/dynamic-caching/我敢打赌答案写在这个文档/文章的某个地方。
Thank you!谢谢!
Hole punching is indeed a very common way to divide your HTTP response into several fragments.打孔确实是将您的 HTTP 响应分成几个片段的非常常见的方法。 These fragments are used to render non-cacheable data.这些片段用于呈现不可缓存的数据。
AJAX is a common hole punching technique, but it is done in Javascript. AJAX 是一种常见的打孔技术,但在 Javascript 中完成。
Edge Side Includes (ESI) is the server-side alternative that is supported by Varnish. Edge Side Includes (ESI)是 Varnish 支持的服务器端替代方案。
Varnish also offers other mechanisms to perform stateful logic. Varnish 还提供了其他机制来执行有状态逻辑。 I have a slide deck that describes various mechanisms to cache personalized data: https://speakerdeck.com/thijsferyn/caching-the-uncacheable-with-varnish-php-london-2020我有一个幻灯片,描述了缓存个性化数据的各种机制: https://speakerdeck.com/thijsferyn/caching-the-uncacheable-with-varnish-php-london-2020
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.