How to disable Glimpse, the difference between turning Glimpse.axd off and defaultRuntimePolicy="Off"

Question

What is the difference between

1) turning Glimpse off via the web.config's setting:

<glimpse defaultRuntimePolicy="Off" endpointBaseUri="~/Glimpse.axd">

2) turning it off via Glimpse.axd

As I understand it, 1) will turn off all the tracing whereas 2) will stop the return of the traces to that particular browser session, but tracing will still be happening on the server. As I understand it, the only way to turn Glimpse off, say for a production instance, to remove any Glimpse processing overhead, would be to use 1).

Is my understanding correct?

Thanks

Answer 1

In case of 1 the GlimpseRuntime will detect that it should not trace actions going on during any of the requests. This value is one of the Glimpse Runtime Policy values of which Off is the most restricted one. Keep in mind that there will still be a little bit of overhead to make that check. If you want to take Glimpse completely out of the picture, then you must make sure there are no Glimpse related assemblies in your bin folder and that the registered HttpModule and HttpHandler are removed from the config

In case of 2 it will also prevent any tracing for a particular request, which is different from case 1 where the configuration value applies to all requests.

Let me clarify that a little bit. The GlimpseRuntime determines a specific RuntimePolicy value for each request and it does that based on IRuntimePolicy implementations. Glimpse comes with a couple of policies out-of-the-box, some decide whether or not to trace requests or to return the Glimpse client as part of the response. They do that based on returning content types (you don't want the Glimpse panel to be returned when an image is requested for instance), the status code, uri used, ... and one of those policies is the ControlCookiePolicy which effectively checks whether a specific Glimpse cookie is part of the request, if that is not the case, tracing will be disabled completely for that particular request. When you go to the Glimpse.axd page and you turn Glimpse on or off, you're basically creating or deleting that cookie.

So in case of 1 no tracing will be done at all, but in case of 2 tracing can be done for request A if the cookie has been set, but can be disabled for request B if the cookie is no longer there.

It is possible to ignore this ControlCookiePolicy and to create your own policies to determine whether or not the Glimpse Client should be returned or tracing should be done, ...