Details
- Type: Bug
- Resolution: Unresolved
- Priority: Medium
- None
- 3.2.2
- None
- all
Description
It is always hard to debug, or to be sure of anything, when it comes to HTTP caching.
I think I have detected no fewer than 3 issues:
1/ security.yaml

```yaml
ezpublish_front:
    pattern: ^/
    user_checker: eZ\Publish\Core\MVC\Symfony\Security\UserChecker
    anonymous: true
    ezpublish_rest_session: ~
    guard:
        authenticator: 'EzSystems\EzPlatformPageBuilder\Security\EditorialMode\TokenAuthenticator'
    form_login:
        require_previous_session: false
        csrf_token_generator: security.csrf.token_manager
    logout: ~
```

`lazy: true` is missing; according to the Symfony docs, that is the default.
Why? Because of 2/.
2/ Session is considered as OPEN
I don't know exactly why, but we enter the Symfony code that adds `private` and `must-revalidate`:
ezplatform/vendor/symfony/http-kernel/EventListener/AbstractSessionListener.php line 122
The session is not opened, but `getUsageIndex()` is > 0.
EDIT: eZ/Publish/Core/MVC/Symfony/Security/EventListener/SecurityListener.php checks the SiteAccess login permissions with an `isGranted()` call, which calls `getUser()` and increments the usage index.
Because of that, Varnish or Fastly honours it, and that's a MISS.
3/ max-age is forced to 600 anyway
Let's assume 1/ and 2/ do not exist.

```vcl
if (req.restarts == 0 && resp.http.content-type ~ "application/vnd.fos.user-context-hash") {
    set req.http.x-user-context-hash = resp.http.x-user-context-hash;
    return (restart);
}
if (resp.http.Vary ~ "X-User-Context-Hash") {
    set resp.http.Vary = regsub(resp.http.Vary, "(?i),? *X-User-Context-Hash *", "");
    set resp.http.Vary = regsub(resp.http.Vary, "^, *", "");
    if (resp.http.Vary == "") {
        unset resp.http.Vary;
    }
    if (req.http.cookie) {
        set resp.http.cache-control = "private, no-cache, no-store, must-revalidate";
    } else if (resp.http.cache-control ~ "public") {
        set resp.http.cache-control = "public, s-maxage=600, stale-while-revalidate=300, stale-if-error=300";
    }
}
```
So:
If there is no `x-user-context-hash` in the request, it is added; then, in the code, there is an if in the view controller.
If `x-user-context-hash` exists, then we vary on `x-user-context-hash`, so in the end the Vary is always there.
Which ultimately enters the else branch that sets s-maxage=600.
#REPRODUCER
- Install Ibexa
- load the page
- look at the header
- and see `max-age=0, must-revalidate, private, s-maxage=86400` (see attached)
Regarding `lazy`: that's here: https://symfony.com/doc/current/security.html#a-authentication-firewalls
Regarding the Vary, the code is self-explanatory.
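To make the two header rewrites in the report easy to reason about side by side, here is a small Python model of them, added as an example (it is constructed for illustration and is not Symfony's, ezplatform-http-cache's or Ibexa's code). It assumes: the Symfony session listener marks a response `private, max-age=0, must-revalidate` whenever the session usage index changed during the request, keeping only an existing `s-maxage`; the VCL snippet above runs in `vcl_deliver` with `regsub` replacing the first match only; and Varnish's builtin `vcl_backend_response` treats `private`, `no-cache` or `no-store` as uncacheable. The header values, cookie name and usage-index numbers are made up.

```python
"""Model of the Symfony session listener and the vcl_deliver snippet (added example).

Assumptions (not taken from the project's code):
- AbstractSessionListener: usage index changed during the request => the response
  becomes private, max-age=0, must-revalidate; an existing s-maxage is kept.
- VCL regsub() replaces only the first match, so re.sub(..., count=1) below.
- Varnish builtin vcl_backend_response: private/no-cache/no-store => not cacheable.
"""
import re

FORCED_PUBLIC_CC = "public, s-maxage=600, stale-while-revalidate=300, stale-if-error=300"
PRIVATE_CC = "private, no-cache, no-store, must-revalidate"


def symfony_session_listener(resp, usage_index_before, usage_index_after):
    """Mimic AbstractSessionListener::onKernelResponse with auto_cache_control on.

    Any change of the usage index (e.g. isGranted() -> getUser()) counts as
    "session used", even though the session was never actually started.
    """
    out = dict(resp)
    if usage_index_after != usage_index_before:
        directives = {"max-age=0", "must-revalidate", "private"}
        # public is dropped; an s-maxage set by the application survives
        for d in out.get("cache-control", "").split(","):
            d = d.strip()
            if d.startswith("s-maxage="):
                directives.add(d)
        out["cache-control"] = ", ".join(sorted(directives))
    return out


def vcl_deliver(req, resp):
    """Mimic the vcl_deliver snippet from the report on client-facing headers."""
    out = dict(resp)
    vary = out.get("vary")
    if vary is not None and re.search("X-User-Context-Hash", vary):
        vary = re.sub(r"(?i),? *X-User-Context-Hash *", "", vary, count=1)
        vary = re.sub(r"^, *", "", vary, count=1)
        if vary == "":
            del out["vary"]
        else:
            out["vary"] = vary
        if req.get("cookie"):
            out["cache-control"] = PRIVATE_CC
        elif re.search("public", out.get("cache-control", "")):
            # s-maxage chosen by the application is overwritten here
            out["cache-control"] = FORCED_PUBLIC_CC
    return out


def varnish_caches(resp):
    """Builtin vcl_backend_response check: private/no-cache/no-store => hit-for-miss."""
    return re.search(r"(?i)no-cache|no-store|private", resp.get("cache-control", "")) is None


def scenario(app_cc, usage_before, usage_after, cookie=None,
             vary="X-User-Context-Hash, Accept-Encoding"):
    """Run one constructed request through both layers.

    Returns (varnish_caches_it, client_cache_control, client_vary).
    """
    req = {"cookie": cookie} if cookie else {}
    app_resp = {"cache-control": app_cc, "vary": vary}  # constructed application response
    after_symfony = symfony_session_listener(app_resp, usage_before, usage_after)
    delivered = vcl_deliver(req, after_symfony)
    return varnish_caches(after_symfony), delivered["cache-control"], delivered.get("vary")


if __name__ == "__main__":
    # 2/ isGranted() bumped the usage index: Varnish gets a private response => MISS
    print(scenario("public, s-maxage=86400", 0, 1))
    # 3/ session untouched, no cookie: cacheable, but the client sees s-maxage=600
    print(scenario("public, s-maxage=86400", 1, 1))
    # cookie present: client is told private even though Varnish may serve a hit
    print(scenario("public, s-maxage=86400", 1, 1, cookie="eZSESSID=deadbeef"))
    # Vary consisting only of the context hash is removed entirely
    print(scenario("public, s-maxage=86400", 1, 1, vary="X-User-Context-Hash"))
```

Running it shows the three outcomes the report describes: with the usage index bumped, the application's `public, s-maxage=86400` turns into `max-age=0, must-revalidate, private, s-maxage=86400` (the header from the reproducer) and Varnish will not cache it; with the session untouched, Varnish caches it but the client-facing `Cache-Control` is rewritten to `s-maxage=600`; with a cookie, the client is told `private, no-cache, no-store` regardless.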