Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

Caching and Authenticated Users

Avatar

Level 1

Hello.  I am running into problems enabling caching on a AEM 5.6.1 site that is being developed for my company by a third party.  The site has custom authentication.  Authenticated and non-authenticated users access the same pages.  The authenticated users have access to cart (i.e. document and product bookmarking) functionality.

The documentation indicates that the Dispatcher will not return cached versions of a page if "[t]he authentication header is set".  It also states that "this can be configured" but provides absolutely no detail on how.  I can see in the header requests that our site id not using the basic HTTP authentication header.  It does create and pass a cookie for authenticated users.  Given the setup, how do I get the Dispatcher to not return cached versions for authenticated users?

1 Accepted Solution

Avatar

Correct answer by
Employee

...and the short answer is that

/allowAuthenticated "0"

(which is the default)

does not cache pages when authentication cookies/headers are present.

View solution in original post

7 Replies

Avatar

Employee

Hi,

I believe http://dev.day.com/docs/en/cq/current/deploying/dispatcher/disp_config.html#Caching%20When%20Authent... is what you are looking for. This defines what the dispatcher interprets as authentication.

Regards,

Justin

Avatar

Level 10

Have you read this AEM topic - it goes into more details about the Dispatcher and Cached Pages:

 

http://dev.day.com/docs/en/cq/current/deploying/dispatcher/page_invalidate.html

Avatar

Correct answer by
Employee

...and the short answer is that

/allowAuthenticated "0"

(which is the default)

does not cache pages when authentication cookies/headers are present.

Avatar

Level 1

I have read over that AEM topic and it does not apply to my particular issue.  I am not concerned with invalidating cached pages on the Dispatcher.

To reiterate, I need to know how (or if it is possible) to configure the Dispatcher to return cached pages to non-authenticated users while forwarding the requests to the publisher for authenticated users.

Avatar

Level 1

@Justin

So you are suggesting that I have our vendor do one of the following?

A.  Add the HTTP Basic Authentication (i.e. authentication) value to the header.
B.  Create or rename the current authorization cookie to "authorization" or "login-token".

Is there any definitive documentation or knowledge that indicates that this will work?

Avatar

Employee

Hi Don,

That's really a discussion to have with your vendor based on your custom authentication requirements. I'm just letting you know how the feature you were referring to works.

Regards,

Justin