Monday, 22 February 2021

How does qz.com display cached content while being signed in? (No Javascript)

So I've been exploring the infrastructure of many websites again recently and started examining HTTP response headers very closely.

After doing this for so long, I felt it was very clear that if you were logged into a website, it could not display a cached main document page from Fastly while displaying dynamic content at the same time. Turns out, I was wrong.

The only way I can see this being possible is serving a cached page based off of some cookie (which I feel like I read somewhere that it's not secure, but tell me if I'm wrong).

Also, I understand that qz.com is a Javascript app, but I found this when I had Javascript disabled. When I had Javascript disabled and navigated around the website while signed in, it still showed an indicator that I was signed in. After disabling cookies, the sign-in indicator left.

While I was navigating to new pages after signing in, it looks like the cache is simply served based off of your cookie considering the age started at 0 after signing in and then went up. (I think it reset)

If that's not the case, can anyone give me insight as to how this could be done?

I've read this https://www.section.io/docs/modules/varnish-cache/how-tos/dynamic-caching/ and I'm betting that the answer is somewhere written in this doc/article.

Thank you!
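The behaviour described in the post (Age restarting at 0 after sign-in, then climbing) is what a cache that folds a cookie into its cache key produces. The following is an added example, not part of the original post and not qz.com's or Fastly's actual configuration; the `EdgeCache` class, the `session` cookie name and the origin function are hypothetical. It also shows why the same page cached without the cookie in the key would be unsafe.

```python
import hashlib

SESSIONS = {"tok-alice": "alice"}  # constructed sample session store

def origin(path, cookies):
    # Constructed origin: renders the sign-in indicator server-side, no JavaScript needed.
    user = SESSIONS.get(cookies.get("session", ""))
    badge = f"Signed in as {user}" if user else "Sign in"
    return f"<nav>{badge}</nav><main>{path}</main>"

class EdgeCache:
    """Toy shared cache; vary_cookie names the cookie folded into the cache key (assumption)."""
    def __init__(self, origin, vary_cookie=None, ttl=60):
        self.origin, self.vary_cookie, self.ttl = origin, vary_cookie, ttl
        self.store = {}  # cache key -> (body, time stored)

    def key(self, path, cookies):
        if self.vary_cookie is None:
            return path  # one object per URL, shared by every visitor
        # Hash the cookie value so raw session tokens are not kept as cache keys.
        token = cookies.get(self.vary_cookie, "")
        return path + "|" + hashlib.sha256(token.encode()).hexdigest()

    def get(self, path, cookies, now):
        k = self.key(path, cookies)
        hit = self.store.get(k)
        if hit and now - hit[1] < self.ttl:
            return {"body": hit[0], "age": now - hit[1], "x_cache": "HIT"}
        body = self.origin(path, cookies)
        self.store[k] = (body, now)
        return {"body": body, "age": 0, "x_cache": "MISS"}

def demo():
    keyed, unkeyed = EdgeCache(origin, vary_cookie="session"), EdgeCache(origin)
    alice, anon = {"session": "tok-alice"}, {}
    out = {}
    out["anon_first"] = keyed.get("/latest", anon, now=0)
    out["alice_first"] = keyed.get("/latest", alice, now=10)  # new key: MISS, Age 0
    out["alice_again"] = keyed.get("/latest", alice, now=25)  # same key: HIT, Age 15
    out["anon_again"] = keyed.get("/latest", anon, now=30)    # anonymous object untouched
    unkeyed.get("/latest", alice, now=0)                      # alice primes the shared object
    out["leak"] = unkeyed.get("/latest", anon, now=5)         # anon is served alice's page
    return out

if __name__ == "__main__":
    for name, resp in demo().items():
        print(name, resp["x_cache"], resp["age"], resp["body"])
```
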



