Usercontrol Cache EXTREMELY Dangerous!
I was just alerted to a major issue with caching usercontrols on our site. We have a typical contact form in a .NET usercontrol. In the macro properties, I had "Cache By Page" checked. The assumption is since the form never changes that it would be safe to cache it.
Where the fun begins is not only is the form cached, but any data typed into the form is cached as well! When a user pulls up the form after someone else has previously used it, the previous person's data appears in the form!
How in the world can Umbraco allow such a blatant security violation to occur?
True, but if your form doesn't change and there is no logic that happens when it first loads, I don't see how there would be much of a benefit to caching it. The macro cache really helps when there is a lot of server-side action that needs to happen before the macro is presented to the user, for instance looping through a large number of nodes to create links, etc.
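Added example, not part of the thread and not Umbraco's code: a simplified model of the failure described in the first post, where a cache keyed only by page stores whatever markup was rendered first, including a value echoed back from a postback. The class, the method names, the cache behaviour and the sample values are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

// Simplified model of an output cache keyed only by page id.
// Assumption for illustration; all names here are hypothetical.
class MacroCacheModel
{
    static readonly Dictionary<string, string> Cache = new Dictionary<string, string>();

    // Renders the contact form. On a postback the control writes the submitted
    // value back into its markup, so the rendered HTML is specific to that visitor.
    static string RenderForm(string postedEmail) =>
        "<input name=\"email\" value=\"" + WebUtility.HtmlEncode(postedEmail ?? "") + "\" />";

    // Page-keyed caching in this model: the first render for a page is stored
    // and replayed to everyone, whichever request produced it.
    static string RenderCached(string pageId, string postedEmail)
    {
        if (!Cache.TryGetValue(pageId, out var html))
        {
            html = RenderForm(postedEmail);
            Cache[pageId] = html;
        }
        return html;
    }

    // The approach from the reply: the form has no expensive load logic,
    // so it is rendered per request and never stored.
    static string RenderUncached(string postedEmail) => RenderForm(postedEmail);

    static void Main()
    {
        // Constructed sample data: visitor A submits the form while the cache is empty.
        RenderCached("contact", "alice@example.test");

        // Visitor B opens the same page without submitting anything.
        Console.WriteLine("cached,   visitor B gets: " + RenderCached("contact", null));
        Console.WriteLine("uncached, visitor B gets: " + RenderUncached(null));
    }
}
```

In this model the cached path replays visitor A's markup to visitor B, while the uncached path renders an empty field for each request.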