This is a follow-up to https://github.com/backdrop-contrib/uc_price_per_role/issues/5.
The problem
By default, Backdrop caches various entities, notably nodes. (This was not done by default in D7.) There are situations, though, where the content and/or display of a node depends on the user; for example, anonymous and authenticated users might need to see somewhat different pages. The always-caching of nodes in Backdrop breaks the behavior of sites that relied on the ability to distinguish between users when rendering nodes in D7. A few examples:
If a site uses Token Filter module and includes any user-dependent tokens, e.g., [user:name], in the node body, all users (both anonymous and authenticated) will see the name of the user who viewed the page at the time it was cached.
In Ubercart sites, the UC Price per Role module charges different prices to different users, depending on their role. In Backdrop, all users see the same price, which is the price that was given to the user who viewed the page at the time it was cached.
In the User Time Zone Tokens module, one of the settings for time zone tokens is "Use user's timezone for authenticated users, browser's timezone for anonymous users." This is broken on Backdrop because the rendered time zone-specific time is getting cached as part of the node.
What is needed is the ability for site admins to disable entity caching, ideally with sufficiently fine-grained control so that one can only disable it where it makes a difference, but can leave it on elsewhere for performance gains.
Suggested change
On the Performance configuration page at admin/config/development/performance
, there is a fieldset for Caching that allows "Cache pages for anonymous users." I suggest we add a section here that lists all entities and offers checkboxes for both "Cache entitytype for anonymous users" and "Cache entitytype for authenticated users", and then we respect these settings in DefaultEntityController::load() when dealing with the persistent cache.
Related issues:
- [Remove field data sanitization from hook_field_load()](https://github.com/backdrop/backdrop-issues/issues/5642 (Drupal core patch)
Recent comments
Hi @izmeez I believe that server-level includes .htaccess as this is read by Apache before Backdrop gets to it. I personally wouldn't include more in trusted host patterns that is...
Trusted host patterns if several related domains redirect to main domain
Sorry for not being more clear in earlier comment. Presuming .htaccess is directing to a single url, either www or non-www bare domain, not allowing both. When it comes to adding trusted...
Trusted host patterns if several related domains redirect to main domain
What I tend to do in .htaccess is pick one and redirect to that. If you allow both and you don't specify a canonical one, then it could affect search as they would appear as duplicates. You may...
Trusted host patterns if several related domains redirect to main domain