[wp-hackers] Login System Patch

Kimmo Suominen kim at tac.nyc.ny.us
Sun Jan 23 16:35:21 GMT 2005


Have you tried this with caching enabled on your browser, *and* through
a proxy cache, with an Apache server configured to use ExpiresActive by
default?

I don't think the concept will work with caches without using proper
cache control headers.  If authentication can happen on any URL, then
you'd also have to invalidate every page for the cache, or at least
mark it private (non-shared), making proxy caches drop the page.

I think the old approach with a single URL for the login page is much
more friendly towards caching.  Most pages from WP can be cached.

Regards,
+ Kim
-- 
<A HREF="http://kimmo.suominen.com/">Kimmo Suominen</A>

On Sun, Jan 23, 2005 at 10:15:11AM -0500, Robert Deaton wrote:
> Index: wp-includes/functions.php
> ===================================================================
> RCS file: /cvsroot/cafelog/wordpress/wp-includes/functions.php,v
> retrieving revision 1.237
> diff -r1.237 functions.php
> 1520,1536d1519
> < if ( !function_exists('auth_redirect') ) :
> < function auth_redirect() {
> < 	// Checks if a user is logged in, if not redirects them to the login page
> < 	if ( (!empty($_COOKIE['wordpressuser_' . COOKIEHASH]) && 
> < 	!wp_login($_COOKIE['wordpressuser_' . COOKIEHASH],
> $_COOKIE['wordpresspass_' . COOKIEHASH], true)) ||
> < 	(empty($_COOKIE['wordpressuser_' . COOKIEHASH])) ) {
> < 		header('Expires: Mon, 11 Jan 1984 05:00:00 GMT');
> < 		header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
> < 		header('Cache-Control: no-cache, must-revalidate, max-age=0');
> < 		header('Pragma: no-cache');
> < 	
> < 		header('Location: ' . get_settings('siteurl') .
> '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
> < 		exit();
> < 	}
> < }
> < endif;
> < 


More information about the hackers mailing list