This is somewhat of a duplicate issue from the flag module #1468984: Flags deactivates page cache in combination with session_api module.
From what I can tell, basic interaction with the session_api module renders pages uncachable.
function session_api_get_sid($create = TRUE) {
...
if ($create) {
// Must initialize sessions for anonymous users.
session_api_start_session();
}
...
It calls session_api_start_session():
function session_api_start_session() {
$_SESSION['session_api_session'] = '';
drupal_session_start();
}
Which drops data into the session.
But, the in the core's session.inc file, a page becomes uncachable the moment anything is added to session:
function drupal_session_initialize() {
...
if (!empty($_COOKIE[session_name()]) || ($is_https && variable_get('https', FALSE) && !empty($_COOKIE[substr(session_name(), 1)]))) {
...
// This is where we get buggered
if (!empty($user->uid) || !empty($_SESSION)) {
drupal_page_is_cacheable(FALSE);
}
...
I'm not sure if this is a bug, a feature, or a won't fix type of issue. Was the session api module meant to disable page caching? I was under the impression it might be possible to keep session data in the database, then drop the sid into a cookie, bypassing the session altogether.
Drupal: 7.12
Flag: 7.x-2.0-beta6
Session_api: 7.x-1.0-beta3
Comment | File | Size | Author |
---|---|---|---|
#20 | session_api_nophpsession-1492622-20.patch | 1.94 KB | a.ross |
#18 | session_api_nophpsession-1492622-18.patch | 1.26 KB | a.ross |
#6 | session_api_nophpsession.patch | 1.53 KB | quicksketch |
Comments
Comment #1
lance.gliser CreditAttribution: lance.gliser commentedquicksketch checked in the issue against Flag. He's labeling this a session_api issue.
Comment #2
jhedstromUnless I'm missing something, setting
$create = FALSE
will resolve the issue. If a site needs more control of when sessions are created, that's what the parameter is for. Perhaps flag can make that configurable? I'm also open to how session api itself might resolve this issue, but I don't have any ideas offhand.Comment #3
lance.gliser CreditAttribution: lance.gliser commentedI tested out your suggestion, and I do retain page caches, while keeping flag cookies. From 20 minutes testing, does seem to resolve it. Let's put this on hold, and go back over to flag and see what others find.
Comment #4
quicksketchI've confirmed that Session API is the root of the problem in #1468984: Flags deactivates page cache in combination with session_api module. Session API's use of the $_SESSION variable completely eliminates the purpose of this module. If we wanted to start a normal PHP session, you wouldn't have any purpose for Session API since a session ID is generated already once you put something in $_SESSION. The added effect of using $_SESSION is that the page cache is disabled.
What Flag module expects from Session API is that it will generate a numeric session ID without starting a normal PHP session.
Comment #5
quicksketchNote that this problem is only apparent in Flag when using a non-global flag. Since Flag doesn't need a Session ID for global flags. It's simple enough to just enable the "bookmarks" flag that comes with the module for anonymous users to reproduce the problem.
Comment #6
quicksketchThis might do the trick. It should populate the $_COOKIE variable so that Session API can do its check.
Comment #7
loparr CreditAttribution: loparr commentedHello,
I applied this patch to dev version 7x1x dev. I had to set cookie time less because after clearing the cache in drupal, tha changes were visible after cookie expiration.
Hovewer, this is working so far with anonymous users and cache enabled.
Thank you.
Comment #8
Olarin CreditAttribution: Olarin commentedPatch in #6 seems to be clean and sensible and works as expected for me with latest releases of Flag and Session API.
Comment #9
Jarviss CreditAttribution: Jarviss commentedComment #10
hachreak CreditAttribution: hachreak commentedIt's possible to port this patch also for 6.x-1.x module version?
Best,
hachreak
Comment #11
Exploratus CreditAttribution: Exploratus commentedI am guessing this hasnt been commmited, I am hving issues with pages with user specific flags rendering no cache.
Comment #12
Drupa1ish CreditAttribution: Drupa1ish commentedBig thanks @quicksketch! #6 works also with https://drupal.org/project/drupalchat
Comment #13
Exploratus CreditAttribution: Exploratus commentedseems to work for me to.
Comment #14
quicksketchThanks for all the confirmations guys! I feel like this patch may need explanation as to how it works in order to be accepted by the maintainer.
What this code is doing is setting a cookie via JavaScript. Why JavaScript instead of just setting a value in $_SESSION, $_COOKIE or setcookie()? Because if you set a value using any of those methods it requires sending a Set-Cookie HTTP Header to the client from Drupal. Using this header will disable all caching, because the user's browser is the intended recipient of the header.
So by using JavaScript instead, we can serve the exact same page to all anonymous users. The cookie will be set by JavaScript once the page has been loaded, and subsequent requests sent by the user will set the value in the $_COOKIE variable.
Comment #15
Drupa1ish CreditAttribution: Drupa1ish commented+1
Comment #16
adammaloneAre we able to get some movement on this jhedstrom?
Comment #17
a.ross CreditAttribution: a.ross commentedPerhaps you can include your explanation for using Javascript to set a cookie here.
Is the path correct when Drupal is installed in a subfolder?
Also, this patch needs to be rerolled against -dev and it causes a test failure.
Comment #18
a.ross CreditAttribution: a.ross commentedRe-roll
Comment #20
a.ross CreditAttribution: a.ross commentedThis should do it. I'm just not exactly sure what "fooling
session_api_get_sid()
" was supposed to do.Comment #21
a.ross CreditAttribution: a.ross commentedComment #22
a.ross CreditAttribution: a.ross commentedThe problem here is that cURL doesn't support JavaScript, so the cookie won't actually be set client-side and re-used for the next request. This should be done more elegantly.
Also this exposes an issue with this solution: clients that have JavaScript disabled won't be compatible with Session API. While that may be rare, it would be better to make the cookie initialization method configurable.
Comment #23
a.ross CreditAttribution: a.ross commentedThis should be an option as mentioned. I'm just wondering if it would also make sense to allow for "lazy-initializing" the session with JS, as currently happens with the Set-Cookie header.
Pros of using JS in the way proposed:
Cons:
Comment #23.0
a.ross CreditAttribution: a.ross commentedAltered formatting for issue's queue link.
Comment #24
Jibus CreditAttribution: Jibus commentedIn my opinion, making session api works with anonymous users cachable would be great. I guess that most Drupal site use cachable page in order to earn performance. So it's would be a very good feature.
For people who disable JS, i guess session api won't be the first problem, but all "jQuery package" that almost all developpers use in their website.
It would be conveniant to have the cookie initialization method configurable (#22) with two options :
- Set the cookie through Javascript (works with anonymous user on cachable page)
- Set the cookie through the server
Comment #25
drupalz001 CreditAttribution: drupalz001 commentedBefore applied the patch, i have the similar issue which is when the 'bookmark flag' is flagged by an anonymous user, all the pages(fresh pages, havent been saved by boost module) i visited after it will not be saved by the boost.
After applied the patch, all the pages will be saved by the boost. But i have a problem here, the page with flagged(bookmarked) status is always showing 'bookmarked' for all the anonymous users who visited the cached page, even another anonymous user unflagged it.
I've no idea how to update the flag status alone, any ideas?