Pages with protected content cannot be cached

tacotac · September 2, 2022, 2:50pm

Hi dear community,

I’ve recently upgraded a website containing more than 1500 pages from Kirby 3.5.0 (PHP 7.4) to 3.7.5 (PHP 8.1). Since then, the overall navigation has slowed down because pages are not being cached anymore.

The following code in my header snippet seems to be the cause:

<?php if ( $kirby->user() ):
  <a href="url('my-account)">My account</a>
<?php endif ?>

I read a lot here and on Github about the security reason why cacheability detection has evolved, but after trying different nonworking hacks, I still wonder:

How to properly cache a page with some protected content for visitors?

tacotac · September 7, 2022, 10:11am

I’m not sure if my question is really clear, so I’ve taken a screen capture to better explain my issue.

Users can log in by filling a form displayed in a modal, accessible on every page in the website header.
Once logged in, the content of this same modal is replaced by some links. It could be a simple link to their account, or to a page with protected content to read and download (as in the capture above). Those links are wrapped in a code similar to what I’ve typed in my initial post (checking if Kirby user).
And, sadly, because of this simple user check, the pages of my website cannot be cached for visitors…

In the past, I used this in my config:

'cache' => [
  'pages' => [
    'active' => true,
    'ignore' => function() {
      return kirby()->user() !== null;
    }
  ]
],

…but it’s not working anymore since latest Kirby versions. So I’m now looking for alternatives, if there are new proper ways to check for active sessions and display protected content without breaking the cache functionality (which I really need as like I said, it used to hyperboost the page loadings).

Thank you very much for your time, if someone can guide me

texnixe · September 7, 2022, 5:39pm

Since I wasn’t really up to date I confirmed with the team and caching should works for users who are not logged in without any further config setting, i.e you can remove your config check for a logged in user.

tacotac · September 8, 2022, 2:27pm

Hi Sonja!

In my config.php, to activate cache for all pages, I currently have this:

'cache' => [
  'pages' => [
    'active' => true
  ]
],

Cache is working fine (at this step). In the header response I have:

For visitors: Cache-Control: max-age=0
For logged in users: Cache-Control: no-store, private

But in any template or snippet, if I want to make some content visible for logged in users only, once I use let’s says this:

<?php if ( $kirby->user() ):
  "Hello dear member"
<?php endif ?>

… the header response for visitors become Cache-Control: no-store, private.

I tried many things to make cache work, like I explained previously, even some hacks like the one shared here by @sebastiangreger. The issue has even been reproduced today by @sylvainjule using the latest Starterkit (3.7.5), as described in this Github post…
So I’m not the only one struggling with cache when pages contain user checks to display protected content

HOWEVER, I just noticed that in the .htaccess file (the one inlcuded in the Starterkit and Plainkit), if I remove the following line, caching seems to work as expected for visitors:

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

I said “seems to work” because I don’t know if it’s not breaking or going to break something in the way Kirby uses authorization… Maybe @lukasbestle, @bnomei or even @bastianallgeier could share their input? (Sorry guys for pinging, hope you won’t by angry )

Again, thanks all for your time and effort helping solve this issue

texnixe · September 8, 2022, 2:41pm

@lukasbestle will look into it asap.

lukasbestle · September 8, 2022, 8:13pm

Discussion continues in the GitHub issue to keep everything in one place:

github.com/getkirby/kirby

Pages cache not working (neither stored not used) when checking for logged in user

opened 10:27AM - 08 Sep 22 UTC

sylvainjule

needs: information ❓ type: bug 🐛

## Description Having read @lukasbestle's explanation in #4423, I figured the f…ollowing would work. [This thread](https://forum.getkirby.com/t/pages-with-protected-content-cannot-be-cached/26387/2) in the forum suggests this should work too so I'm mentioning this as an issue. Starting with a fresh starterkit, I activate the cache in `config.php`: ```php 'cache' => [ 'pages' => [ 'active' => true ] ] ``` Pages are stored. Let's say I want to add the ability for my logged in users to have an edit button available on any front-end page which redirects to this very same page in the panel. I clear the cache and I add in my `header.php`: ```php <?php if(kirby()->user()): ?> <a class="edit" href="<?php echo $page->panel()->url() ?>">Edit content</a> <?php endif; ?> ``` As soon as I do, the cache stops storing pages, the `Cache-Control: no-store, private` header is always set despite me not being logged in. Here's a video of this: https://user-images.githubusercontent.com/14079751/189099427-fdbd6cd6-ac20-4d42-b355-d5e5d695af95.mp4 ## Your setup Kirby 3.7.5

Thank you @tacotac for the pointer that HTTP_AUTHORIZATION makes a difference here, it lead me to a possible solution in the core.

tacotac · September 9, 2022, 8:12am

Thank you @lukasbestle! I’m so glad if my finding could help you solve this. Finally cache is working using your solution

Topic		Replies	Views
Pages being cached even with cache disabled Questions v2	19	2390	February 6, 2025
How to cache "only" the webpages for anonymous visitors Questions v2	5	1283	February 6, 2025
Pages cache stays empty Questions v3	3	599	February 23, 2022
Cache is patchy Questions	6	423	September 23, 2021
Kirby Cache + routes Questions v2	4	1645	February 6, 2025

Pages with protected content cannot be cached

Related topics