Page caching + authentication/flash messages = chaos?

I have run into a bit of a caching problem. I'm building a website that mostly consists of static editable pages. There is a basic authentication system to restrict who is able to edit the pages and so on. If you're logged in, an edit and a destroy link will show up.

This is my problem: If you're logged in and a page hasn't been cached yet, it will be cached with edit/destroy links for everyone else to see. They can't edit the pages anyway, so what are they going to need the links for? And if the page has been cached by a regular user, the administrator can't see the links.

And also, when the admin presses "Log in", I want a flash message to show up telling him that he has logged in successfully. Again: If the page hasn't been cached yet, the flash message will be visible to everyone. If the page wasn't cached before, the flash messages won't show up.

Does this mean that flash messages and authentication is an impossible combination? Is there any way to work around this?

Does this mean that flash messages and authentication is an impossible combination? Is there any way to work around this?

-- David Trasbo. http://twitter.com/datra

That's an easy one. For your case you cannot use page or action caching as you have a flash. You can only cache using fragment caching, and you have to place your fragments in the correct places otherwise you will have the behavior you describe.

Caching is a double edged sword.

Fernando Perez wrote:

Does this mean that flash messages and authentication is an impossible combination? Is there any way to work around this?

That's an easy one. For your case you cannot use page or action caching as you have a flash. You can only cache using fragment caching, and you have to place your fragments in the correct places otherwise you will have the behavior you describe.

Caching is a double edged sword.

I think you're right. I have been googling around to find something, and it appears to be, that I'm not the only one having these kind of problems. I have seen solutions like displaying flash messages with Javascript (that requires a 5000 lines Prototype library, though), I've been reading about conditional caching, clever caching with memcached and so forth.

But nothing actually solves the problem without giving new ones. So I guess I have to use fragment caching?

Fernando Perez wrote:

But nothing actually solves the problem without giving new ones. So I guess I have to use fragment caching?

We use fragment caching on our VoD website: http://www.digiprof.fr , you cannot do page caching if once the user is authenticated, he gets a custom page.

PS: yeah Prototype is huge, we are currently considering other lighter options, such as mootools.

It would have been kind of frustrating to have 5000 lines of Javascript hanging around just to make one thing little thing work: Cacheable Flash. So I don't want to do that.

I'll try fragment caching, then. Thanks! :slight_smile:

Does this mean that flash messages and authentication is an impossible combination? Is there any way to work around this?

I am using Cacheable Flash for the Rails Magazine web site and it works rather well (you can see it in action on login).

The trick is to page cache only pages for anonymous users (using an apache or nginx rewrite rule to detect specific cookies/authenticated users).

Including Prototype or other Javascript libraries is not a huge deal as these can be cached on the client (so the transfer hit is incurred only on the first request). On the other hand it's overkill to include them solely for accessing cookies or dealing with cacheable flash.

Best regards, Olimpiu