Browser Session overrides Login / Logout

  • Resolved christopherreay

    (@christopherreay)


    10 years, 7 months ago

    Hi,

    So im exploring the logged in / logged out performance of my site.

    Its really great to see falcon do its thing.

    If I log in to my site (e.g. to make a donation) and then log out again (e.g. to experience awesome page load speeds) falcon still serves me non cached pages, and anywhere I go from that point on does not cause falcon to cache a page. If I destroy the browser session (incognito window) and re open, pages are served again as cached, and visited pages cause caching.

    I have checked and… If I clear the browsing history, caching returns.
    If I close the browser window (without deleting history) then caching returns.
    So something about the browser session causes Falcon to treat the browser as still logged in after log out.

    I often keep browser windows open for weeks at a time…

    Thanks for the great work

    Christopher

    https://wordpress.org/plugins/wordfence/

Viewing 1 replies (of 1 total)
  • Plugin Author WFMattR

    (@wfmattr)

    10 years, 7 months ago

    Christopher,

    Good catch — this caching behavior after logging out is actually intentional because of the way most browsers handle their local caches.

    If you were logged into the site and visited a page, then log out and visit the same page, the browser asks the server if it changed since the last time you visited it — the server will find its cached copy of the page, which usually has an older date on it, and it sends back a “not modified” message to the browser. Your browser may then display the page you saw while logged in, instead of the public version — which is definitely a problem! Wordfence prevents this by using a cookie that expires when the browser exits, because the browsers’ caches will work as expected after exiting.

    If it helps, I think that if you open a new incognito window, you should see the fast (public) version of the site again, at least in the current version of Chrome, since the “logout” cookie wouldn’t be sent, and I believe the local browser cache is ignored in new incognito windows.

    -Matt R

Viewing 1 replies (of 1 total)

The topic ‘Browser Session overrides Login / Logout’ is closed to new replies.

Tags