Memcached Question - Authenticated Users?
Neil Sheth
nsheth at gmail.com
Fri Feb 27 04:32:31 MSK 2009
Thanks, I'll look at that -
And yes, I wouldn't be using the cookie to actually determine
logged-in state, it's only for the purpose of determining whether or
not it's ok to serve cached content. . .
On Thu, Feb 26, 2009 at 3:51 PM, Nick Pearson <nick.pearson at gmail.com> wrote:
> I've not used the memcache module, but in general, what you are asking
> should be possible using the following:
>
> location / {
> set $logged_in "no";
> if ($http_cookie ~* "logged_in=yes") {
> set $logged_in "yes";
> }
> if ($logged_in = "yes") {
> proxy_pass http://app_server;
> break;
> }
> # otherwise, serve a cached page here
> }
>
> I have tested something similar to this, but not this exact config. Also,
> note that this would be easy to spoof. (My $logged_in variable and the
> cookie that sets it are used only to decide whether to serve a cached page
> -- not to determine whether a user is actually logged in.)
>
> Also note that my cookie check is simplified for the purpose of simplicity.
> If you need to read a cookie, see the example in the "if" documentation
> here: http://wiki.codemongers.com/NginxHttpRewriteModule#if
>
> On Thu, Feb 26, 2009 at 5:27 PM, Neil Sheth <nsheth at gmail.com> wrote:
>>
>> Hello,
>>
>> I'm looking at enabling the memcache module. One question - for any
>> member who has logged in to my site, I don't want to serve a cached
>> copy of the page. It's fine for anonymous users, however. Is this
>> possible? If I store a login cookie on the client, would that work?
>>
>> Thanks!
>>
>
>
More information about the nginx
mailing list