Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
I
I
igrishaev2012-11-23 12:47:06
Django
igrishaev, 2012-11-23 12:47:06

The site is cached in corporate networks

Hello.

There is a corporate Django application with authorization. From time to time, people from large organizations (telecoms, banks) call and complain that they see pages with information about another user, for example, their colleague. I suspect that this is due to caching on proxy servers in these organizations: it is possible that the proxy gives the cookies of the authorized user to everyone indiscriminately, as a result of which the anonymous user who receives them logs in automatically.

The question is how to avoid this? Added to the template:
<meta http-equiv="Cache-Control" content="no-cache">
but does not help. Maybe you need to give the cache control as a header?

Janga 1.4, Python 2.7, Apache 2.2, mod_wsgi, session is stored in cookies.

UPD: made a middvar:

#nevercache.py
from django.utils.cache import patch_cache_control

class NeverCacheMiddleware():
    def process_response(self, request, response):
        patch_cache_control(response, no_cache=True, no_store=True,
                                must_revalidate=True, proxy_revalidate=True)
        return response

#settings.py
MIDDLEWARE_CLASSES = (
    "nevercache.NeverCacheMiddleware",
    #...
)

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
F
FloppyFormator, 2012-11-23
@igrishaev

It's in the form of a header. Caching is affected by the Cache-Control and Expires headers. In Django, headers are available as keys of the HttpResponse class object:

response = HttpResponse()
response['Cache-Control'] = 'no-cache'
response['Expires'] = 'Mon, 26 Jul 1997 05:00:00 GMT'

Report
N
Nikolai Turnaviotov, 2012-11-23
@foxmuldercp

And bind it to the global layout?
For example, for me, all the markup of all pages is stored in one file, the text of the pages is already twitching separately.
But I have Asp.Net MVC.

Report
E
egorinsk, 2012-11-23
@egorinsk

It is necessary to disable page caching if the user is logged in.

Similar questions
V
vanoqwerty2017-04-08 18:55:38
Adding product to cart without reloading WordPress+Woocommerce page? 2Reply
S
Sergey Alekseev2019-02-01 11:07:16
Django how to dump a table from a specific database? 1Reply
I
Ilya2014-08-19 03:37:14
Django doesn't show date using |date conversion, where to look for error? 2Reply
B
birdy902014-08-19 21:47:46
Is it possible to put django static files directly into STATIC_ROOT? 1Reply
V
Vampre2019-02-02 06:44:06
What is the best way to limit the number of top stories? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question