
Using AJAX GET to generate CSRF protected forms in a cached page

I have pages that use excessive time in database access and slow template processing, so I had to use caching using django-cacheops, which uses Redis. Now, since I have POST forms that use CSRF tokens, these values will be cached too. I've been thinking of implementing the following solution, but I am still not sure if it is a wise one.

  1. GET a unified cached page without any forms for all users whether logged in or not.
  2. Initiate a small script embedded in the cached page with AJAX GET request to load the form if the user is logged in.

Is this approach secure and wise? If so, how can I know using JavaScript/jQuery and cookies that I'm a logged-in user (i.e. how can I differentiate between users and visitors on the client side, like request.user.is_authenticated() on the server side)?

As a first approach you can try caching only the heaviest-to-render part of the page (make sure that heavy DB queries stay lazy before that). Your forms should stay out of the cached part(s).

The second approach is two-phased caching: the basic idea is that you do not render the parts depending on cookies and/or the user the first time, cache the result, and then render the previously excluded parts. This way the majority of the page and most of the load would be behind the cache, and you'll only render small parts for every request.

There is a django-phased library, which implements this approach. Not sure whether it will work for you and how well it will play with cacheops, though.
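The two-phased idea described in this answer, as an added illustration in plain Python (not django-phased's code, not Django, and not code from the original post): the heavy, user-independent render is done once and cached, while the CSRF-protected form is filled in on every request and never reaches the cache. The template markers, the `_cache` dict standing in for Redis, and the `secrets` token standing in for Django's CSRF token are all constructed for the example.

```python
import secrets

# Constructed template: {{ }} markers are phase one (user-independent, cacheable);
# [[ ]] markers are phase two (per-request, must never be cached).
PAGE_TEMPLATE = (
    "<h1>{{ title }}</h1>\n"
    "<div>{{ heavy_content }}</div>\n"
    "[[ form ]]\n"
)

# Form fragment rendered only in phase two, so the token is always fresh.
FORM_FRAGMENT = (
    '<form method="post">'
    '<input type="hidden" name="csrfmiddlewaretoken" value="[[ csrf_token ]]">'
    "</form>"
)

render_count = {"phase_one": 0}  # counts expensive renders for the check below
_cache = {}  # stands in for Redis: url -> phase-one HTML


def heavy_phase_one(url):
    """Expensive, user-independent render (simulated DB + template work)."""
    render_count["phase_one"] += 1
    html = PAGE_TEMPLATE.replace("{{ title }}", f"Page {url}")
    return html.replace("{{ heavy_content }}", "...expensive content...")


def phase_two(html, user, csrf_token):
    """Cheap per-request pass: insert the form (with token) for logged-in users only."""
    form = FORM_FRAGMENT.replace("[[ csrf_token ]]", csrf_token) if user else ""
    return html.replace("[[ form ]]", form)


def render_page(url, user=None):
    """Serve url: phase one from cache when available, phase two on every request.

    Returns (csrf_token, html) so callers can check which token was issued.
    """
    if url not in _cache:
        _cache[url] = heavy_phase_one(url)
    token = secrets.token_hex(16)  # constructed stand-in for the per-session CSRF token
    return token, phase_two(_cache[url], user, token)
```

Rendering the same URL for two different users runs the expensive phase only once, while each response carries its own token and the cached HTML contains no `csrfmiddlewaretoken` at all.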
