Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-25533

Hardcoded anonymous_hash in FosHttpCache mismatches what is generated by Platform

    Details

      Description

      FosHttpCache uses a default, hardcoded user hash for anonymous users to save on performances.

      PR FosHttpCacheBundle#274 added a consistency check on the hash that re-generates the hash using the session in order to prevent inconsistencies with expired / cleared up sessions.

      The hash that gets generated for Platform's anonymous user does not match the hardcoded one. Since it depends on how the anonymous role is configured, it may change on any instance.

      This causes anonymous requests to invalidate cached versions of pages, since the consistency check disables caches / varying.

        Issue Links

          Activity

          Bertrand Dunogier created issue -
          Bertrand Dunogier made changes -
          Field Original Value New Value
          Status Open [ 1 ] Confirmed [ 10037 ]
          Bertrand Dunogier made changes -
          Link This issue relates to EZP-25505 [ EZP-25505 ]
          Bertrand Dunogier made changes -
          Priority High [ 3 ] Critical [ 2 ]
          André Rømcke made changes -
          Description FosHttpCache uses a [default, hardcoded user hash|https://github.com/FriendsOfSymfony/FOSHttpCache/blob/master/src/SymfonyCache/UserContextSubscriber.php#L64] for anonymous users to save on performances.

          PR [FosHttpCacheBundle#274|https://github.com/FriendsOfSymfony/FOSHttpCacheBundle/pull/274] added a consistency check on the hash that re-generates the hash using the session in order to prevent inconsistencies with expired / cleared up sessions.

          The hash that gets generated for Platform's anonymous user does not match the hardcoded one. Since it depends on how the anonymous role is configured, it may change on any instance.

          This causes anonymous requests to invalidate cached versions of pages, since the consistency check disables caches / varying.
          FosHttpCache uses a [default, hardcoded user hash|https://github.com/FriendsOfSymfony/FOSHttpCache/blob/master/src/SymfonyCache/UserContextSubscriber.php#L63] for anonymous users to save on performances.

          PR [FosHttpCacheBundle#274|https://github.com/FriendsOfSymfony/FOSHttpCacheBundle/pull/274] added a consistency check on the hash that re-generates the hash using the session in order to prevent inconsistencies with expired / cleared up sessions.

          The hash that gets generated for Platform's anonymous user does not match the hardcoded one. Since it depends on how the anonymous role is configured, it may change on any instance.

          This causes anonymous requests to invalidate cached versions of pages, since the consistency check disables caches / varying.
          Bertrand Dunogier made changes -
          Status Confirmed [ 10037 ] Backlog [ 10000 ]
          Bertrand Dunogier made changes -
          Status Backlog [ 10000 ] Development [ 3 ]
          Assignee Bertrand Dunogier [ bertrand.dunogier@ez.no ]
          Bertrand Dunogier made changes -
          Status Development [ 3 ] Development Review [ 10006 ]
          Hide
          Bertrand Dunogier added a comment - - edited

          PR FriendsOfSymfony/FOSHttpCacheBundle#289 that fixes anonymous user hash handling sanity check.

          PR ezsystems/ezpublish-kernel#1601 that integrates the one above.

          Show
          Bertrand Dunogier added a comment - - edited PR FriendsOfSymfony/FOSHttpCacheBundle#289 that fixes anonymous user hash handling sanity check. PR ezsystems/ezpublish-kernel#1601 that integrates the one above.
          Bertrand Dunogier made changes -
          Remote Link This issue links to "PR ezsystems/ezpublish-kernel/pull/1601 (Web Link)" [ 16262 ]
          Bertrand Dunogier made changes -
          Remote Link This issue links to "PR FriendsOfSymfony/FOSHttpCacheBundle#289 (Web Link)" [ 16263 ]
          Bertrand Dunogier made changes -
          Remote Link This issue links to "PR ezsystems/ezpublish-kernel/pull/1601 (Web Link)" [ 16262 ]
          Bertrand Dunogier made changes -
          Remote Link This issue links to "PR ezsystems/ezpublish-kernel#1601 (Web Link)" [ 16264 ]
          Hide
          Bertrand Dunogier added a comment - - edited

          https://github.com/ezsystems/ezpublish-kernel/pull/1609 merged to:

          Limits the version of fos-http-cache-bundle to 1.3.6 until the pull-requests above have been merged, and the issue fixed upstream.

          Show
          Bertrand Dunogier added a comment - - edited https://github.com/ezsystems/ezpublish-kernel/pull/1609 merged to: 6.1@87dd946 (ezpublish-kernel 6.1.1) 6.2@8b3f840 (ezpublish-kernel 6.2.1) master@a05d0e6 (ezpublish-kernel 6.3.0) Limits the version of fos-http-cache-bundle to 1.3.6 until the pull-requests above have been merged, and the issue fixed upstream.
          André Rømcke made changes -
          Link This issue relates to CS-5465 [ CS-5465 ]
          Joaquim Cavalleri (Inactive) made changes -
          Fix Version/s Customer request [ 11018 ]
          Joaquim Cavalleri (Inactive) made changes -
          Affects Version/s 5.4.6 [ 14493 ]
          Bertrand Dunogier made changes -
          Remote Link This issue links to "PR ezsystems/ezpublish-kernel#1601 (Web Link)" [ 16264 ]
          Hide
          Bertrand Dunogier added a comment -

          New PR to ezpublish-kernel, that replaces the previous one: https://github.com/ezsystems/ezpublish-kernel/pull/1758.

          Show
          Bertrand Dunogier added a comment - New PR to ezpublish-kernel, that replaces the previous one: https://github.com/ezsystems/ezpublish-kernel/pull/1758 .
          Bertrand Dunogier made changes -
          Remote Link This issue links to "PR ezsystems/ezpublish-kernel#1758 (Web Link)" [ 16790 ]
          Hide
          Bertrand Dunogier added a comment -

          It looks like the PR to http-cache-bundle is ready to be merged. Once done, I'll ask for a release so that we can close this.

          [~eduardo.fernandes@ez.no] would you mind testing the new implementation with the same scenario you have used before ? Apply this patch to ezplatform@master's composer.json, and run composer update. It should apply all the dependencies.

          Show
          Bertrand Dunogier added a comment - It looks like the PR to http-cache-bundle is ready to be merged. Once done, I'll ask for a release so that we can close this. [~eduardo.fernandes@ez.no] would you mind testing the new implementation with the same scenario you have used before ? Apply this patch to ezplatform@master's composer.json, and run composer update. It should apply all the dependencies.
          Show
          André Rømcke added a comment - Merged (6.3, 6.4, 6.5, master): https://github.com/ezsystems/ezpublish-kernel/commit/7148d39b4ee8d05478128401408c414f8d3864ff
          André Rømcke made changes -
          Status Development Review [ 10006 ] Documentation Review done [ 10011 ]
          Fix Version/s 5.4.8 [ 14594 ]
          Fix Version/s 1.4.2 [ 14595 ]
          Fix Version/s 1.5.1 [ 14598 ]
          Fix Version/s 1.3.3 [ 14599 ]
          Fix Version/s 1.6.0 [ 14600 ]
          Assignee Bertrand Dunogier [ bertrand.dunogier@ez.no ]
          Rui Silva (Inactive) made changes -
          Status Documentation Review done [ 10011 ] QA [ 10008 ]
          Hide
          Bertrand Dunogier added a comment -

          [~rui.silva@ez.no]

          • configure eZ Platform / eZ Publish Platform with a customized anonymous role
          • enable HTTP cache
          • get pages, and check the cache headers. Without this change (e.g. with the faulty fos-http-cache-bundle version) pages should not get cached
          Show
          Bertrand Dunogier added a comment - [~rui.silva@ez.no] configure eZ Platform / eZ Publish Platform with a customized anonymous role enable HTTP cache get pages, and check the cache headers. Without this change (e.g. with the faulty fos-http-cache-bundle version) pages should not get cached
          Hide
          Rui Silva (Inactive) added a comment -

          Issue could not be reproduced on an Nginx setup since QA was not able to remove the fix from the installations tested, so Sanity tests were executed to check that pages were properly cached using the respective headers, and not relevant issues were found.
          As referred on the jira, the issue does not happen at all on an Apache setup so just broad-scope sanity tests were executed on an Apache setup.
          Tested and approved by QA.

          Show
          Rui Silva (Inactive) added a comment - Issue could not be reproduced on an Nginx setup since QA was not able to remove the fix from the installations tested, so Sanity tests were executed to check that pages were properly cached using the respective headers, and not relevant issues were found. As referred on the jira, the issue does not happen at all on an Apache setup so just broad-scope sanity tests were executed on an Apache setup. Tested and approved by QA.
          Rui Silva (Inactive) made changes -
          Assignee Rui Silva [ rui.silva@ez.no ]
          Status QA [ 10008 ] Closed [ 6 ]
          Resolution Fixed [ 1 ]
          Joao Inacio (Inactive) made changes -
          Link This issue relates to EZP-26379 [ EZP-26379 ]
          Alex Schuster made changes -
          Workflow EZ* Development Workflow [ 97972 ] EZEE Development Workflow [ 125568 ]
          Transition Time In Source Status Execution Times Last Executer Last Execution Date
          Open Open Confirmed Confirmed
          26s 1 Bertrand Dunogier 03/Mar/16 12:31 PM
          Confirmed Confirmed Backlog Backlog
          4h 34m 1 Bertrand Dunogier 03/Mar/16 5:05 PM
          Backlog Backlog Development Development
          4s 1 Bertrand Dunogier 03/Mar/16 5:05 PM
          Development Development Development Review Development Review
          4h 2m 1 Bertrand Dunogier 03/Mar/16 9:08 PM
          Development Review Development Review Documentation Review done Documentation Review done
          188d 20h 37m 1 André Rømcke 08/Sep/16 6:45 PM
          Documentation Review done Documentation Review done QA QA
          14h 2m 1 rui.silva@ez.no 09/Sep/16 8:48 AM
          QA QA Closed Closed
          6d 2h 34m 1 rui.silva@ez.no 15/Sep/16 11:23 AM

            People

            • Assignee:
              Unassigned
              Reporter:
              Bertrand Dunogier
            • Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: