Em 31-05-2011 08:07, Christian Johansen escreveu:
On Tue, May 31, 2011 at 12:48, Rodrigo Rosenfeld Rosas <[email protected] <mailto:[email protected]>> wrote:Em 31-05-2011 07 <tel:31-05-2011%2007>:42, Christian Johansen escreveu:On Tue, May 31, 2011 at 12:22, Rodrigo Rosenfeld Rosas <[email protected] <mailto:[email protected]>> wrote: Em 31-05-2011 06 <tel:31-05-2011%2006>:31, Christian Johansen escreveu:On Fri, May 27, 2011 at 10:40, Christian Johansen <[email protected] <mailto:[email protected]>> wrote:But since you're asking so critically I have to admit I'm not entirely sure if the session check is entirely required. However, it did seem to be the thing that caused all the tests to fail? Maybe Marius has better memory than me here?The only case we could think of that uses the session without the user being logged in is in the case of flash messages. However, flash messages are only used in actions that are POST-ed to, in which case the user should be on https already. So I think we can remove that part. I will fix this method on master. Finally remember the actual reason why we have the session expiry check. The reason is caching. Rails is very eager when it comes to session cookies. Basically as soon as you touch the session object, Rails _will_ send a cookie. The cookies prevent us from utilizing our cache frontends properly. So in this case, merely checking that the user is logged in will cause a session cookie to be sent. I ended up with this: def using_session? !request.session_options[:expire_after].nil? end def ssl_allowed? request.ssl? end def ssl_required? GitoriousConfig["use_ssl"] && using_session? && logged_in? end Which at least reads clearer to me. What do you think?Much clear undoubtedly! But still, if caching is a concern here, this should be stated at least as a comment there. Good point: # "Safely" check whether or not we're using the session. Unfortunately # simply touching the session object will prompt Rails to issue a session # cookie in the response, which in some cases breaks caching. # # Use this method as a guard in actions where cacheability is important, # and you most probably don't need to access the session. def using_session? !request.session_options[:expire_after].nil? end As far as I know, this issue is much easier to handle under Rails 3, which isn't as eager on sending session cookies.The explanation is great! And have you checked whether this is really avoiding Gitorious from sending a cookie? It is always sending the cookie in my tests.That's because most actions still touch the session. We have done some work with a few often used actions to be able to cache them, but this is just a start. Here's an example: `curl -i http://gitorious.org/gitorious/mainline/config` <http://gitorious.org/gitorious/mainline/config%60>
Right, but shouldn't the root mapping be cacheable too? -- To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected]
