Page Expiration

Every morning when I go to The Monestary Gates, I get to see the logged-in MG page of the last monk in my company to be logged-in yesterday. As soon as I click on a link anywhere in PM, I then get to see my login button, so I'm not actually logged-in as the other monk, just the page being cached inappropriately by our company gateway.

Well, I was just reading this node by Asim about using the Expires and Cache-Control HTML features to prevent or limit page caching, so I immediately went to look at the source HTML for The Monestary Gates, and sure enough, no Expires or Cache-Control.

I don't know if these would prevent the caching weirdness I see with our company gateway, but I would guess The Monestary Gates (and probably ALL PM pages) should expire within a few minutes. I did a super-search and found this topic discussed many times, but never in relation to PM pages. Perhaps some of the longer-standing monks can comment on if this has ever been tried. Probably other company gateways are showing people other monk's pages, which could be a security issue.

drinkd

btw. I am running the most recent Mozilla browser, if that matters, and our gateway specifics are not known by me (>100k employees, gateway at another site). Also, all of the monks at my company are higher level than me, so its just depressing to see that they only need 500 more points to get to level 15, and have 658 votes left, or whatever.

Comment on Page Expiration

Replies are listed 'Best First'.
Re: Page Expiration by buckaduck (Chaplain) on Nov 09, 2001 at 20:22 UTC
I can confirm seeing this on drinkd's browser. I'm the other PerlMonk in question. The first time he accesses the site each day, he sees a cached version of the site as seen from within my account. We did experiment enough to verify that he couldn't actually use my account to post or vote, but it's still a little disturbing that he could see, for example, my personal messages. One point I will note is that he's not clicking the "Remember me" checkbox when he logs in (he prefers to log in each day). This could be relevant. It also means that theoretically any Anonymous Monk in my company could be viewing my account on a daily basis! I assume that our company's proxy server is caching things over-aggresively. Isn't there some way to circumvent this? Update: I should be more explicit about something that drinkd alluded to. We work at a large corporation with a corporate IT group that is never ever going to bother reconfiguring the gateway solely for our PerlMonks viewing pleasure. This leads us to hope that the answer lies elsewhere. What we're wondering is: Should PerlMonks be using something like an Expires: header? Is it already doing this? buckaduck	[reply]
Re: Re: Page Expiration by maverick (Curate) on Nov 09, 2001 at 20:39 UTC
I run the squid proxy server at home and it has a configuration option to specify, based upon a url regexp, what things to cache or not to cache. I would suspect that most decent proxy programs have a way to do this. I'd suggest having your sysadmin look into this, because odds are, PM isn't the only site that your proxy will over aggressively cache. /\/\averick perl -l -e "eval pack('h*','072796e6470272f2c5f2c5166756279636b672');"	[reply]
Re: Re: Re: Page Expiration by tomhukins (Curate) on Nov 10, 2001 at 00:39 UTC
Perl Monks isn't the only site that doesn't deal with Web caches properly, but that's no reason for it to violate HTTP standards. If an HTTP response makes no statement as to what a cache should do with it (no Last-Modified, Expires or Cache-Control), the document is considered cacheable. I disagree that cache administrators should be held responsible for creating workarounds for non-compliant sites. Web site/application developers should be responsible for ensuring their code works properly.	[reply]
(maverick) Re 4: Page Expiration by maverick (Curate) on Nov 10, 2001 at 01:44 UTC
Re: (maverick) Re 4: Page Expiration by buckaduck (Chaplain) on Nov 10, 2001 at 02:40 UTC
Re: Re: Page Expiration by blakem (Monsignor) on Nov 10, 2001 at 01:51 UTC
A silly client side hack would be to access perlmonks through some of its lesser known aliases: http://yoda.blockstackers.com comes to mind.... Or, you could muck with your own DNS, (with /etc/hosts, its Windows equivalent, or a local DNS caching server) to point some other odd domain (ThisReallyIsForWorkIPromise.com perhaps??) at perlmonks IP. If your cache is based on domain names (which I imagine it would be) this would prevent the casual anonymonk from tripping over your private messages. -Blake	[reply]
Re: Page Expiration by Asim (Hermit) on Nov 09, 2001 at 22:46 UTC
The problem is that this means the users will be putting a serious smack-down on the servers, even harder than they already down. The cache helps (usually...) on both ends, and, as already mentioned, this would not be the only site that would have this problem. So, all in all, I can't recommend a short cache-time for PerlMonks, which is already, one guesses, hard-up for bandwidth and processor time. For you guys, I would recommed going to your company, because issues like this are security-related, and will affect more than one user. Or...in Mozilla, Go Edit/Preferences/Advanced/Cache, and change it to "Every Time I view the Page", and see if that doesn't help the problem. ----Asim, known to some as Woodrow.	[reply]
Re: Re: Page Expiration by buckaduck (Chaplain) on Nov 09, 2001 at 23:30 UTC
We have already played with Mozilla's cache, to no avail. (Update: Although I should point out that Mozilla 0.9.5 does seem to overaggressively cache many things, regardless of the settings.) And we have also seen this happen with other browsers, such as IE. Regarding the toll that this would take on PerlMonks: Maybe an expiration after 3 minutes would be extreme. But it currently isn't even expiring after 12 hours. That's a pretty long time. Even the front page changes more frequently than that... buckaduck	[reply]