Hi, is your request for order-history done via a SOAP call? If it's so
I don't thing the cache is generated properly for each user since the
user_id passed in the url is not taken into account. In that case,
you've better implement a proxy that itself calls the api and caches
the response regarding to the keys passed in the url.
Hope it helps.
On Jun 15, 6:16 pm, François CONSTANT <francois.const...@gmail.com>
wrote:
> Hi,
>
> This is juste an idea :
>
> In your table user add one field "alternative_key" which will be for
> instance md5("blabla" . $user->getId());
>
> Use this alternative key instead of the user id to find the user
> record in the database.
>
> "blabla" is here to make sure nobody will fool this system by trying
> to get md5(34) to see user 34 historic.
>
> Hope it helps.
>
> On 15 juin, 17:53, Phil Moorhouse <moorhouse.p...@googlemail.com>
> wrote:
>
> > Hi, I've just recently developed an order-history section for my
> > users, and I want to cache the action as it's quite a hefty process
> > (xml api call to a booking server that takes a while to generate the
> > results).
>
> > Obviously I need something unique like say the user_id in the url to
> > make sure the cache is unique to that user.
>
> > However, it seems that although the user has to be logged in to view
> > the order-history, there is nothing to stop them substituting their
> > user_id for someone elses to load another user's history if they've
> > happened to cache it recently.
>
> > i.e.
> > 1. User1 logs in, views order history which is then cached for 30
> > mins.
> > 2. 10 mins later, User2 logs in, views the order history page, but
> > then changes the userid to User1's, and gets his/her cached history
> > displayed instead.
>
> > How do people prevent this from happening?
>
> > This is on symfony 1.0.20, using the standard symfony file cache.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
-~----------~----~----~----~------~----~------~--~---
