Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Site wide caching with Django - problems with password protected pages on logout

I've recently implemented sitewide caching using memcached on my Django application, I've set the TTL to about 500 seconds, and implement per view caches on other parts of the web application.

The problem I have is that when a user logs out, because it's a form post the site behaves as expected, however if they then go to a password protected part of the site, the application behaves as if they have still logged in, unless they hit "refresh". I'm new to caching, and wondering if I can do anything smart to prevent this?

like image 865
Tristan Brotherton Avatar asked Oct 22 '09 16:10

Tristan Brotherton


People also ask

What are the caching strategies in Django file system caching in memory caching?

The cache uses a least-recently-used (LRU) culling strategy. Note that each process will have its own private cache instance, which means no cross-process caching is possible. This also means the local memory cache isn't particularly memory-efficient, so it's probably not a good choice for production environments.

How do I disable caching in Django?

structure, setting CACHES = None or CACHES['default']['BACKEND'] = None causes Django to choke, and setting CACHES = {} still seems to enable basic caching.

What types of caching mechanisms are Django supported?

Memcached. This is the most efficient caching system supported natively in Django. Memcached provides a fast interface for adding, retrieving, and deleting data from the cache. Here, all data are stored directly in memory instead of the database, which makes accessing the data faster.

Does Django automatically cache?

Unless we explicitly specify another caching method in our settings file, Django defaults to local memory caching. As its name implies, this method stores cached data in RAM on the machine where Django is running. Local memory caching is fast, responsive, and thread-safe.


2 Answers

I ran into similar issues. The standard Django way is to disable cache for authenticated users.

#settings.py
CACHE_MIDDLEWARE_ANONYMOUS_ONLY=True

It works fine if different users see different pages (example: their user name on them) and you can't have one version for them.

But if there are only 2 versions of page: for authenticated users and for others then it is not good to completely disable cache for authenticated users. I wrote an app that, besides all, make it possible to fine-tune cache in this case.

Update.

BTW: you mentioned that when you click 'refresh' correct version of page is received. It means that problem is client-side cache (Expires header or E-tag), not the server cache.

To prevent client-side caching (you have to do that if you have several versions of page under the same URL) use @cache_control(must_revalidate=True) decorator.

like image 154
Mikhail Korobov Avatar answered Sep 27 '22 21:09

Mikhail Korobov


In the view of a password protected part of the site, do you check whether the user is registered or anonymous before fetching the data (and perhaps bringing data from cache)?

You should. Django helps you, with a login required decorator you can place on the view. Take a look at this: http://docs.djangoproject.com/en/dev/topics/auth/#the-login-required-decorator

like image 37
OmerGertel Avatar answered Sep 27 '22 20:09

OmerGertel