As an alternative to DonutCache, does anyone see any issues with the following method of output caching. It appears to work without exposing any user data and caches the page correctly for everyone based on timestamp testing, which is my biggest concern. I just want to cover my bases before implementing it on my live site.
In Glogal.asax.cs
public override string GetVaryByCustomString(HttpContext context, string arg)
{
if (arg == "User")
{
if (context.User.Identity.Name != "")
{
return "User=" + context.User.Identity.Name;
}
else
{
return "User=Guest";
}
}
return base.GetVaryByCustomString(context, arg);
}
In Web.config
<caching>
<outputCacheSettings>
<outputCacheProfiles>
<add name="HomePage" duration="86400" varyByParam="*" varyByCustom="User" location="Server" />
</outputCacheProfiles>
</outputCacheSettings>
</caching>
*n Controller
[OutputCache(CacheProfile = "HomePage")]
public ActionResult Index()
{
return View();
}
Reference solution: Output cache per User
Your approach relies on the user's name (normally mapped to their given name) to be unique for all users, and that no actual user has the name "Guest".
A better approach would be to map it to the applications internal Id for that user.
if (arg == "User")
{
if (context.User.Identity.IsAuthenticated)
{
return $"User={context.User.Identity.GetUserId()}";
}
else
{
return $"User={int.MinValue}";
}
}