Memcached Question - Authenticated Users?

Neil Sheth nsheth at gmail.com
Fri Feb 27 04:32:31 MSK 2009


Thanks, I'll look at that -

And yes, I wouldn't be using the cookie to actually determine
logged-in state, it's only for the purpose of determining whether or
not it's ok to serve cached content. . .

On Thu, Feb 26, 2009 at 3:51 PM, Nick Pearson <nick.pearson at gmail.com> wrote:
> I've not used the memcache module, but in general, what you are asking
> should be possible using the following:
>
>   location / {
>     set $logged_in "no";
>     if ($http_cookie ~* "logged_in=yes") {
>       set $logged_in "yes";
>     }
>     if ($logged_in = "yes") {
>       proxy_pass  http://app_server;
>       break;
>     }
>     # otherwise, serve a cached page here
>   }
>
> I have tested something similar to this, but not this exact config.  Also,
> note that this would be easy to spoof.  (My $logged_in variable and the
> cookie that sets it are used only to decide whether to serve a cached page
> -- not to determine whether a user is actually logged in.)
>
> Also note that my cookie check is simplified for the purpose of simplicity.
> If you need to read a cookie, see the example in the "if" documentation
> here: http://wiki.codemongers.com/NginxHttpRewriteModule#if
>
> On Thu, Feb 26, 2009 at 5:27 PM, Neil Sheth <nsheth at gmail.com> wrote:
>>
>> Hello,
>>
>> I'm looking at enabling the memcache module.  One question - for any
>> member who has logged in to my site, I don't want to serve a cached
>> copy of the page.  It's fine for anonymous users, however.  Is this
>> possible?  If I store a login cookie on the client, would that work?
>>
>> Thanks!
>>
>
>





More information about the nginx mailing list