Hi, I've just recently developed an order-history section for my users, and I want to cache the action as it's quite a hefty process (XML API call to a booking server that takes a while to generate the results).

Obviously I need something unique like, say, the user_id in the URL to make sure the cache is unique to that user. However, it seems that although the user has to be logged in to view the order-history, there is nothing to stop them substituting their user_id for someone else's to load another user's history if they've happened to cache it recently, i.e.

1. User1 logs in, views order history which is then cached for 30 mins.
2. 10 mins later, User2 logs in, views the order history page, but then changes the userid to User1's, and gets his/her cached history displayed instead.

How do people prevent this from happening? This is on symfony 1.0.20, using the standard symfony file cache.
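
The scenario in the post above, as an added example that is not part of the original message: a cache lookup keyed by the user id from the URL, next to one keyed by the logged-in user's session id. It is plain PHP 7.4+ rather than symfony code; `HistoryCache`, `fetchOrderHistory` and both `historyKeyedBy...` functions are hypothetical names, and the data is constructed.

```php
<?php
// Constructed stand-in for the file cache with a 30-minute lifetime (not a symfony class).
final class HistoryCache
{
    private array $store = [];
    public function get(string $key): ?array
    {
        $entry = $this->store[$key] ?? null;
        return ($entry !== null && $entry['expires'] > time()) ? $entry['data'] : null;
    }
    public function set(string $key, array $data, int $ttl = 1800): array
    {
        $this->store[$key] = ['expires' => time() + $ttl, 'data' => $data];
        return $data;
    }
}

// Hypothetical stand-in for the slow XML API call to the booking server.
function fetchOrderHistory(int $userId): array
{
    return ["orders of user $userId"];
}

// Weak: the key is built from the URL parameter, so the caller chooses whose entry is read.
function historyKeyedByUrl(HistoryCache $cache, int $urlUserId): array
{
    $key = "order_history_$urlUserId";
    return $cache->get($key) ?? $cache->set($key, fetchOrderHistory($urlUserId));
}

// Hardened: the key comes from the session; a URL id is accepted only if it matches.
function historyKeyedBySession(HistoryCache $cache, int $sessionUserId, ?int $urlUserId = null): array
{
    if ($urlUserId !== null && $urlUserId !== $sessionUserId) {
        throw new RuntimeException('403 Forbidden: not your order history');
    }
    $key = "order_history_$sessionUserId";
    return $cache->get($key) ?? $cache->set($key, fetchOrderHistory($sessionUserId));
}

// Constructed scenario from the post: User1 (id 1) warms the cache, then User2 (id 2) asks for id 1.
$cache = new HistoryCache();
historyKeyedBySession($cache, 1);
print_r(historyKeyedByUrl($cache, 1));   // weak path: User2 is handed User1's cached entry
try {
    historyKeyedBySession($cache, 2, 1); // hardened path: same request from User2
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;      // rejected before the cache is read
}
```

When a framework caches the whole action, the ownership check has to run before the cache lookup, because code inside the cached action does not execute on a hit.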