Memcached Question - Authenticated Users?


#1

Hello,

I’m looking at enabling the memcache module. One question - for any
member who has logged in to my site, I don’t want to serve a cached
copy of the page. It’s fine for anonymous users, however. Is this
possible? If I store a login cookie on the client, would that work?

Thanks!


#2

Thanks, I’ll look at that -

And yes, I wouldn’t be using the cookie to actually determine
logged-in state, it’s only for the purpose of determining whether or
not it’s ok to serve cached content. . .


#3

I’ve not used the memcache module, but in general, what you are asking
should be possible using the following:

location / {
set $logged_in “no”;
if ($http_cookie ~* “logged_in=yes”) {
set $logged_in “yes”;
}
if ($logged_in = “yes”) {
proxy_pass http://app_server;
break;
}
# otherwise, serve a cached page here
}

I have tested something similar to this, but not this exact config.
Also,
note that this would be easy to spoof. (My $logged_in variable and the
cookie that sets it are used only to decide whether to serve a cached
page
– not to determine whether a user is actually logged in.)

Also note that my cookie check is simplified for the purpose of
simplicity.
If you need to read a cookie, see the example in the “if” documentation
here: http://wiki.codemongers.com/NginxHttpRewriteModule#if