Time restriction protection is actually bypassed for anonymous users, because page is cached with the form and timestamp is always the same. CAPTCHA module forces disabled page cache when there is a protected form on the page, Honeypot should do the same.

CommentFileSizeAuthor
#4 disable-anon-cache-d7-1450536-4.patch1.32 KBgeerlingguy
#3 disable-anon-cache-1450536-3.patch1.64 KBgeerlingguy
#2 1450536-disable-page-caching.patch1.65 KBdmitriy.trt
Force_disabled_page_cache.patch1.77 KBdmitriy.trt

Comments

geerlingguy’s picture

geerlingguy commented
Version: 6.x-1.9 » 6.x-1.x-dev

I'll take a look at this; might need to be done differently in D7, too. Thanks for the bug reports!

dmitriy.trt’s picture

dmitriy.trt commented
StatusFileSize
new 1450536-disable-page-caching.patch1.65 KB

Here is an updated patch. It includes Varnish external cache bypass. Code was copied from Mollom module, see http://drupal.org/node/962534

geerlingguy’s picture

geerlingguy commented
Version: 6.x-1.x-dev » 7.x-1.x-dev
Status: Needs review » Patch (to be ported)
StatusFileSize
new disable-anon-cache-1450536-3.patch1.64 KB

Attached patch committed to D6 (thanks again for the bug report!): http://drupalcode.org/project/honeypot.git/commit/aaef0f9

geerlingguy’s picture

geerlingguy commented
Status: Patch (to be ported) » Fixed
StatusFileSize
new disable-anon-cache-d7-1450536-4.patch1.32 KB

Committed attached patch for D7 (special code for Pressflow isn't needed in D7, as the cache headers should be sent appropriately in Drupal 7): http://drupalcode.org/project/honeypot.git/commit/91245c0

dmitriy.trt’s picture

dmitriy.trt commented

Thanks!

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.