Disable AppCache for Active Backend Users

[christianromeni]

I had a customer that wanted to see the changes he made straight away. But with the enabled cache, this was not possible. I talked to Toflar and we came to the solution that it would be a good idea to only enable the AppCache if the user is not logged in to the backend.

[Toflar]

Note that this is only a temporary fix until we finally move to using the FOS http cache with preflight requests. I'm working on that but it'll take time. Also this only works as long as we're not using Symfony security. So it might be a quick fix for Contao 4.3 and eventually be changed with 4.4 or 4.5 etc. again.

[Toflar]

You might be better of creating a app_no_cache.php entry point.

[aschempp]

I don't like the idea, it has multiple flaws:

1. it will only work as long as we do not have Symfony security
2. everyone can bypass the cache by setting a cookie with no value

a custom entry point is the right solution in my view. Why not use something like that?

[Toflar]

a custom entry point is the right solution in my view. Why not use something like that?

• You have to create it for every installation.
• There's no link directly from the back end for the editors, so it's a bit inconvenient.

[aschempp]

There's no link directly from the back end for the editors, so it's a bit inconvenient.

Well you should open the backend with that entry point from the beginning… you can also add a redirect if necessary…

[christianromeni]

I think that will just make it more complicated...

1. it will only work as long as we do not have Symfony security

For which release is that planned? It was ment for a quick workaround till Toflar finishes his cach-rework

2. everyone can bypass the cache by setting a cookie with no value

Yep.. But why would they? Is there a security risk if you can bypass the cache? Or what would/could someone (except for backend users) do with it?

[leofeyer]

See https://github.com/contao/core-bundle/pull/749.