Hi, is your request for order-history done via a SOAP call? If it's so I don't thing the cache is generated properly for each user since the user_id passed in the url is not taken into account. In that case, you've better implement a proxy that itself calls the api and caches the response regarding to the keys passed in the url. Hope it helps.
On Jun 15, 6:16 pm, François CONSTANT <francois.const...@gmail.com> wrote: > Hi, > > This is juste an idea : > > In your table user add one field "alternative_key" which will be for > instance md5("blabla" . $user->getId()); > > Use this alternative key instead of the user id to find the user > record in the database. > > "blabla" is here to make sure nobody will fool this system by trying > to get md5(34) to see user 34 historic. > > Hope it helps. > > On 15 juin, 17:53, Phil Moorhouse <moorhouse.p...@googlemail.com> > wrote: > > > Hi, I've just recently developed an order-history section for my > > users, and I want to cache the action as it's quite a hefty process > > (xml api call to a booking server that takes a while to generate the > > results). > > > Obviously I need something unique like say the user_id in the url to > > make sure the cache is unique to that user. > > > However, it seems that although the user has to be logged in to view > > the order-history, there is nothing to stop them substituting their > > user_id for someone elses to load another user's history if they've > > happened to cache it recently. > > > i.e. > > 1. User1 logs in, views order history which is then cached for 30 > > mins. > > 2. 10 mins later, User2 logs in, views the order history page, but > > then changes the userid to User1's, and gets his/her cached history > > displayed instead. > > > How do people prevent this from happening? > > > This is on symfony 1.0.20, using the standard symfony file cache. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en -~----------~----~----~----~------~----~------~--~---