简体繁体 English

qz.com在登录时如何显示缓存内容？（没有Javascript）

[英]How does qz.com display cached content while being signed in? (No Javascript)

原文 2021-02-22 16:05:29 6 1 web/ caching/ varnish/ fastly

So I've been exploring the infrastructure of many websites again recently and started examining http response headers very closely.因此，我最近再次探索了许多网站的基础架构，并开始非常仔细地检查 http 响应标头。

After doing this for so long, I felt it was was very clear that if you were logged into a website, it could not display a cached main document page from Fastly while displaying dynamic content at the same time.做了这么久，我觉得很明显，如果你登录到一个网站，它不能在显示动态内容的同时显示来自 Fastly 的缓存主文档页面。 Turns out, I was wrong.原来，我错了。

The only way I can see this being possible is serving a cached page based off of some cookie (which I feel like I read somewhere that it's not secure, but tell me if I'm wrong)我认为这是可能的唯一方法是根据一些 cookie 提供缓存页面（我觉得我在某处读到它不安全，但如果我错了，请告诉我）

Also, I understand that qz.com is a Javascript app, but I found this when I had Javascript disabled.另外，我知道 qz.com 是一个 Javascript 应用程序，但是当我禁用 Javascript 时我发现了这个。 When I had Javascript disabled and navigated around the website while signed it, it still showed an indicator that I was signed in. After disabling cookies, the sign-in indicator left.当我禁用 Javascript 并在签名时浏览网站时，它仍然显示我已登录的指示符。禁用 cookies 后，登录指示符离开。

While I was navigating to new pages after signing in, it looks like the cache is simply served based off of your cookie considering the age started at 0 after signing in and then went up.虽然我在登录后导航到新页面，但考虑到登录后年龄从 0 开始然后上升，看起来缓存只是根据您的 cookie 提供的。 (I think it reset) （我认为它重置）

If that's not the case, can anyone give me insight as to how this could be done?如果不是这样，谁能告诉我如何做到这一点？

I've read this https://www.section.io/docs/modules/varnish-cache/how-tos/dynamic-caching/ and I'm betting that the answer is somewhere written in this doc/article.我读过这篇https://www.section.io/docs/modules/varnish-cache/how-tos/dynamic-caching/我敢打赌答案写在这个文档/文章的某个地方。

Thank you!谢谢！

1 个解决方案

Hole punching is indeed a very common way to divide your HTTP response into several fragments.打孔确实是将您的 HTTP 响应分成几个片段的非常常见的方法。 These fragments are used to render non-cacheable data.这些片段用于呈现不可缓存的数据。

AJAX is a common hole punching technique, but it is done in Javascript. AJAX 是一种常见的打孔技术，但在 Javascript 中完成。

Edge Side Includes (ESI) is the server-side alternative that is supported by Varnish. Edge Side Includes (ESI)是 Varnish 支持的服务器端替代方案。

Varnish also offers other mechanisms to perform stateful logic. Varnish 还提供了其他机制来执行有状态逻辑。 I have a slide deck that describes various mechanisms to cache personalized data: https://speakerdeck.com/thijsferyn/caching-the-uncacheable-with-varnish-php-london-2020我有一个幻灯片，描述了缓存个性化数据的各种机制： https://speakerdeck.com/thijsferyn/caching-the-uncacheable-with-varnish-php-london-2020