Drupal 7.15, boost 7.x-1.0-beta2, apache 1.3/2, php5 cgi, virtualhost.
Double cheked all the settings, configs, file perms, .htaccess etc etc. Not logged in during tests.

Only the 1st page accessed per session goes to cache, the others are not saved (no error or warning in watchdog, even with debug on). On the second I get

    [is_cacheable] => 1
)

When I turn off cookies, all cache pages are generated and saved (or when wget --no-cookies crawls the website).
And I get:

    [is_cacheable] => 1
    [header_info] => Array
        (
            [status] => 200 OK
            [status-number] => 200
.....

Any idea?

Comments

Anonymous’s picture

Assigned: Unassigned »

Boost only works when anonymous users surf the site, so if you are logged in then you would have a DRUPAL_UID cookie which would stop boost working. The wget is interesting though since wget shouldn't be logged in. It sounds rather like you have a module sending a DRUPAL_UID to anonymous users (I use wget on a cron job every day to freshen the cache), use the contact form by clicking on my name as I'd like to see the site and URL just to check a few things.

Thank you
Philip.

casta’s picture

Thanks for the info. I did some more testing.
When user is not logged and cookies are enabled, the 2nd visited page is not saved in cache and boost debug returns:

    [is_cacheable] =>
)

At this moment there is a session registerd, with uid = 0 (anonymous) and no BOOST_COOKIE defined.

I guess that the [is_cacheable] => FALSE is triggered in boost.module R275

  elseif (!drupal_page_is_cacheable()) {
    $_boost['is_cacheable'] = FALSE;
    return;
  }

and in includes/session.inc

    // If a session cookie exists, initialize the session. Otherwise the
    // session is only started on demand in drupal_session_commit(), making
    // anonymous users not use a session cookie unless something is stored in
    // $_SESSION. This allows HTTP proxies to cache anonymous pageviews.
    drupal_session_start();
    if (!empty($user->uid) || !empty($_SESSION)) {
      drupal_page_is_cacheable(FALSE);
    }

So the cause of the problem may be the following: in my setup/drupal even anonymous users get a session (no idea why), and therefore session.inc flags the current page as non cacheable.

Anonymous’s picture

Status: Active » Closed (works as designed)

I've had a look at the site, in particular the cookie being set. The rewrite rules for boost look for a cookie DRUPAL_UID which is not set by an anonymous user in my testing. The interesting thing is that whichever page you go to first, is cached, click on any link though and the site attempts to establish a session cookie which is not normal drupal behaviour and testing on several personal sites with boost installed, (7.x branch), it's not boost.

I suspect you have another module that is establishing the session and triggering the code segment that you found above. (well done). I'd recommend going through your modules and trying to work out which one it is, I've been using lynx to test as it's very obvious when the session cookie pops up. I've also chosen different entry points into the website and the same thing happens e.g. entering through the contact link and then going elsewhere, the second page always requests a session cookie.

I've ruled out the comment and tracker modules in core. I would initially rule out php.ini and session.auto_start (simple phpinfo should show that up) and then also look for any hooks. You should have

php_flag session.auto_start off

in your root .htaccess file by default anyway. I'm closing this as it appears to not be boost setting this session.

nicolas bouteille’s picture

Ok, I've got exactly the same problem.
Even though this is not a bug from Boost, it definitely is an « still open » « support request » :)
If anybody has any clue about what or which module is causing the cookie and thus Boost to consider the page as not cacheable I would be glad to learn about it !

Nick

nicolas bouteille’s picture

Category: bug » support
Priority: Major » Normal
Status: Closed (works as designed) » Active

Updating to support request and re-opening it

nicolas bouteille’s picture

For what it's worth, I've isolated the cookie that is preventing Boost from caching the page :
Name : SESS49960de5880e8c687434170f6476605b
Content : zAP9XcfrG4AWf08BfXqiQhwqPhaScvGxS1g_vjUYUGc

Every time I visit a new page, the cookie is recreated.

nicolas bouteille’s picture

Alright I think I found the d*** module... Text Size « This module display a adjustable text size changer or a zoom function on the page for a better web accessibility. » It seems that in order to keep the selected size for anonymous users it needs to add a SESSION cookie to them so it breaks boost...
Maybe what i can do is try for the cookie to be generated only if the user chooses to have custom text size. For now the cookie is created anyway.

nicolas bouteille’s picture

Here's a post about Text Size setting cookies and how to disable them
http://drupal.org/node/1041878

Anonymous’s picture

Sorry, stepped away for a bit, but see that you've found the problem. The general overall picture is that we can only work within the scope of Drupal's login mechanism and if someone wants to add a module to do something custom, then they should use a differing cookie so that anonymous users are not assigned a login id, otherwise basically boost cannot work and also it does somewhat break the strict Drupal separation between anonymous and authenticated users which may also be a security issue with assigned roles.

I would submit a bug report to the module authors, pointing the above out.

nicolas bouteille’s picture

Title: Cache files not generated when cookies are enabled » Pages are not cached / not cacheable / caching won't work - except when cookies are disabled
Status: Active » Closed (fixed)

done.

bebelg’s picture

Issue summary: View changes

I get the same problem and I use the module text size.

Now I have to find which one of my module is using this f*** cookies

derek.adams’s picture

I ran into the same problem with the "Administration menu" module. If you navigate to 'admin/config/administration/admin_menu' and choose 'performance' in the tabs at the left, then uncheck 'Cache menu in client-side browser' and save the settings, the caching is no longer skipped.

jvsteiner’s picture

Hi, I've noticed an errant session cookie on my production site. I recently implemented custom ordering of my front page content using views: ie created a frontpage view, and set it to be the default front page in "Site configuration". When I do this, drupal sets a session cookie which prevents the boost from cacheing. When I set it back to the default "/" I get hits again.

Anonymous’s picture

Drupal is unlikely to set a session cookie (which would be DRUPAL_UID) and this means that you have an errant module that is using Drupal Core sessions, (not allowed) to implement some kind of function or block. You need to track down the module and then take it up with whomever developed the module, they need to set their own cookie specific to their module.

jvsteiner’s picture

Hi Philip,

after I posted, I was thinking the same thing. You are correct, I found the offending module. Thanks for your quick response!

voughndutch’s picture

Hello I am having similar issues. when i log in, try to clear cache, add content, or even update php i get internal server errors or page not found errors. i figured it might be a session cookie issue because im an authenticated user any hits on finding the offending module?

Anonymous’s picture

This does not sound like the same problem. It sounds more like a permissions problem if you are getting internal server error. Please open another bug and post more details of the errors you are receiving since this thread is closed.

leewoodman’s picture

Jvsteiner...which module was causin your issue?

bmunslow’s picture

Hi,

Just in case this helps someone.

I have been pulling my hairs for a few hours until I discovered the following modules were setting a session cookie even for anonymous users, which prevented Boost from caching the page:

filter_harmonizer
global_filter

Disabling them got boost caching pages normally again.

Anonymous’s picture

What would probably also hep is pointing out to the module maintainers that the login cookie is only for drupal's core use and should either be removed or set to a valid value (the id of the user), if they need a session function then they should use their own cookie. Even setting Drupal_UID=0 or -1 is not permitted but affects both the core drupal cache and disables boost.

TDBA’s picture

I have the same problem at the moment. In my case the session cookie set is:

Name: SESS08ba59d45e9592e4f86d7bb2c17da958
value: giSdE2UFNAX0zbQSWNP0ygi3eInLar4v4qCAsUIhsc0

My problem is that it's not a module that is doing that but a custom template/theme.

Isn't it possible somehow to get boost working even with just that simple session cookie (not a Drupal UID cookie)?

Anonymous’s picture

Boost is only disabled if DRUPAL_UID is set, therefore if you just have a session then there is something incorrect with your configuration. There is a difference between a Drupal Core session (DRUPAL_UID) and a php session (which you have), which is probably not explained very well above. the .htaccess rules only work if DRUPAL_UID is not set to any value (even 0, -1, null or false), the cookie must not exist..

TDBA’s picture

Hmm that is even stranger because I have the exact same behavior on the web site I am currently building.

Loading the site for the first time anonymously and the page get's cached. Clicking on a link and going to another page, that one does not get cached and I can find two cookies:
- has_js=1
- The mentioned HTTP session cookie

If I manually delete the session cookie and load another page or reload the same page, that page get's cached.

So as far as I can deduct the cookies does actively influence the caching (at least in my case).

Anonymous’s picture

message me privately with the site's location as I would like to see this as it is extremely unlikely that the session cookie is relevant, since DRUPAL_UID is hard coded in to the .htaccess file.

Anonymous’s picture

well the good news is that the .htaccess rules are working, the bad news is that for some reason the main boost functions that should only be disable by DRUPAL_UID are being disabled by the PHP session cookie. I can confirm this as deleting the session cookie, hitting reload, creates the cache and then .htaccess serves the page for an hour and the folder permissions must be set correctly as I can visit pages such as http://example.com/cache/normal/exmple.com/personal_.html correctly if I type the url into the browser.

What I believe is happening is that looking at boost.module there is a line

|| !empty($_SESSION['messages']) // do not cache pages with messages

and I strongly suspect that your template may be setting a message (whether it be null or not). On this side of the server this would be impossible to see but you should be able to place a little PHP into a page to display it and then modify the boost.module if statement to ignore the value.

TDBA’s picture

First of all thank you for personally looking into this!

Good idea but it sadly didn't work.

I deleted the or statement from the boost.module and I also searched through all of the template files for the session messages.

Nothing found and the behavior still exists even with the modified boost.module.

It would really help if I would know what generated that HTTP session.
I contacted the makers of that template already but no response as of yet.

Still what inside of boost prevents the caching when such a cookie exists?

Anonymous’s picture

Therein lies the problem there is nothing in boost that should be affected by a Session cookie, except for the "MESSAGE' section

 if (   strpos($_SERVER['SCRIPT_FILENAME'], 'index.php') === FALSE
      || $_SERVER['SERVER_SOFTWARE'] === 'PHP CLI'
      || ($_SERVER['REQUEST_METHOD'] != 'GET' && $_SERVER['REQUEST_METHOD'] != 'HEAD')
      || isset($_GET['nocache'])
      || variable_get('maintenance_mode', 0)
      || defined('MAINTENANCE_MODE')
      || !empty($_SESSION['messages']) // do not cache pages with messages
  ) {
    $_boost['cache_this'] = FALSE;
  }
  else {
    // More advanced checks
    $_boost = boost_transform_url();
    if (empty($_boost['menu_item']['status']) || $_boost['menu_item']['status'] != 200) {
      $_boost['cache_this'] = FALSE;
    }
  }

where you have just removed the MESSAGES sections I would suggest checking the values of $_boost['cache_this'] and $_boost['is_cacheable'] before the block and seeing if you can backtrace the trigger, I would be very interested to see what the trigger is as I can certainly see that the cache is being created and served at least once, there isn't anything in your .htaccess that could cause a skipping of the rules based on the existence of a cookie rather than the specific DRUPAL_UID cookie ?

TDBA’s picture

I placed a

foreach ($_boost as $key=>$value){
	echo ('Key: '.$key.'<br />Value: '.$value.'<br /><br />');
}

exactly below the code block you inserted.

Next to other content I get

Key: is_cacheable
Value: 1

at all times so after loading the page for the first time (without the cookie) and after subsequent loading (with the cookie).

I do not see "cache_this" so I am assuming it's never been set (unless I do so forcefully).

Regarding the .htaccess file: It's a fresh file from a fresh Drupal download.
I only added two things:
- The password protection (as the last entry)
- the boost code generated from the system at the right position within the file.

Anonymous’s picture

cache_this is only ever set to FALSE, I don't think that that is the problem though. The code block is the main block in PHP which corresponds to the .htaccess rules so it would be logical to assume that the session cookie was triggering something in there and it would be helpful to know what (except that it appears that the rules are passed).

It is normal to need to refresh the page to get the cached version, first time it hits the page and saves it out, second time .htaccess takes over and pass the html back. In your case it appears that the session cookie needs to be deleted for all subsequent pages to be generated and I can't see from this side what is triggering this behaviour. Taking the front page as an example, if deleted, if it always generated ? I've just generated it myself, then after it is presented, then does going to /personal also generate the page ? (you'll have to remove the pages from the cache) or does the existence of the session cookie stop pages being written out, so one would

delete cached pages
go to index/ home
check if cache has been written out,
confirm that a session cookie has been set
visit /personal to see if a cached page gets written or whether it requires the deletion of the session cookie to be written.

something that might be worth trying it

setting session.auto_start=0

or php_value session.auto_start 0 in the top of .htaccess (it might be php_flag session.auto_start 0 ) it may solve the immediate problem but not the long term one. I'm pretty sure it's one of the page generation functions, so I'd be now looking to put that code above into the function boost_exit and then working backwards to see what triggers the flags to be set to false.

TDBA’s picture

Sooo to sum up the tests I did this morning:

As I said before the .htaccess file is a Drupal default file so there is an entry "php_flag session.auto_start off". Changing off to =0 does nothing.

The test process with the pages is exactly as you described. Loading the front page as anonymous with an empty cache and without cookies generates the _.html and sets the cookie. Going to another page does not generate subsequent cache pages. Deleting the cookie and then going to another page generates a cached copy.

Testing within the "function boost_exit($destination = NULL)" using " echo ("Here!");":
It seems that the function goes into the first

if (!isset($_boost['cache_this'])) {

but after that it does not go into the next if and not into the next elseif but it arrives at the closing } of the outer if statement.

function boost_exit($destination = NULL) {
  global $_boost;
  // Bail out of caching.
  if (!isset($_boost['cache_this'])) {
 echo ("Here!");
    if (!isset($_boost['is_cacheable'])) {
      return;
    }
    elseif (!$_boost['is_cacheable']) {
      return;
    }
 echo ("Here!");
  }

It does that every time with and without the cookie.

After that, looking at the next four options if elseif block: Without the cookie it ignores all four but with the cookie it goes into the last elseif

elseif (!drupal_page_is_cacheable()) {

So in conclusion I am assuming the Drupal API sais drupal_page_is_cacheable()=FALSE and boost stops when the cookie is set right?

--------

Update:
I just found this nice page: http://facingworlds.com/drupal-7-bootstrap-explained-drupalbootstrapsession-and-drupals-session-handling

Manipulating the Drupal file "includes/session.inc" in line 252 and commenting out lines 252-254 boost works!
So what is it?

    if (!empty($user->uid) || !empty($_SESSION)) {
      drupal_page_is_cacheable(FALSE);
    }

That seems kind of off to me. Why does Drupal say that pages are not cachable just when a session is open?
I can imagine that many modules (mis-)use sessions to store all kind of things even for anonymous users!

How to proceed from here? Two options for me: Manipulate a Drupal core file or manipulate the boost.module.
You can't answer me why this check is in the Drupal file and what for exactly but I hope you can tell me why that check that checks the Drupal API value is in boost.

If I would simply delete the last elseif in the boost.module could that have other unforeseeable consequences?

After finding this five year old article I kind of ask myself just why: https://www.drupal.org/node/590614

Anonymous’s picture

Well the reason that boost uses the drupal_page_is_cacheable function is that if a DRUPAL_UID is set e.g. a non anonymous user is present then boost disables, also if something were to go wrong even on the anonymous side and a message sent by another module, then that page should be flagged a not cacheable so that it didn't hang around and present potentially compromising information to non-anonymous people. I agree something has not been very well though out, since having seen the if clause where $_SESSION['messages'] was set, I did think that it was a little off when really there should be a drupal core mechanism for $_COOKIE['DRUPAL_UID']['messages'] which would then also be linked in to the roles side of thing so that the correct people got the message too.

This theme you have, I would suggest having a look through and seeing if there are any session functions in it before disabling boost or a core function. Also a small concern has popped up, I've looked at your site for a few days now with firebug on and I cannot recall having ever seen a http 401 header which suggest a flaw in firebug because authentication is certainly requested and I was wondering if that triggered the session cookie so it might the worth temporarily turning that off just to check.

I agree with you about that five year old article and of ask myself why it will only be fixed in drupal 8, when in all likelihood boost will not exist in drupal 8 with the change over to the symfony framework and it's inbuilt file based caching, I've yet to see any concrete documentation but my feeling is very much that boost will become obsolete.

Anonymous’s picture

print_r($SESSION) would probably help to find out what it's got inside, or with shell access then

grep -i session_  `find sites/all/themes -type f`

if the themes is setting the cookie, that should pull any PHP functions related to session handling

TDBA’s picture

That's what you get for using a pre-made bought "premium" theme... my company decided on that to "save time" and now I am stuck with that -_-

Regarding your firebug and 401 header comment: I can't quite follow you what you mean by "temporarily turnign that off".

Regarding the sessions I inserted a check into the session.inc within Drupals function drupal_session_commit()

if (!empty($_SESSION)) {
print "<pre>";
print_r($_SESSION);
print "</pre>";
}

And yes the theme starts three sessions:
"stime", "default_preset" and "default_direction"

stime seems to check a timestamp of last changes for settings, the preset seems to relate to a custom css generation internal function and the direction is ltr.

In the end whatever! I guess these are essential for the theme to run properly so now I am stuck with the two options above:

1. I can delete from boost

  elseif (!drupal_page_is_cacheable()) {
   $_boost['is_cacheable'] = FALSE;
    return;
  }

or 2. I can remove the OR part from

    if (!empty($user->uid) || !empty($_SESSION)) {
      drupal_page_is_cacheable(FALSE);
    }

out of the session.inc

I don't want to pass on boost for the site because anonymous traffic will be all the traffic (no login planned).

Should I roll a die or do you want any pros or cons for any of the two "quick fixes"?

I guess I will go with the "five year old patch" https://www.drupal.org/node/590614#comment-2324014 that seems to be the right way.

Anonymous’s picture

I feel it would be safer to add an extra statement to the core code below

if (!empty($user->uid) || !empty($_SESSION)) {
      drupal_page_is_cacheable(FALSE);
    }

like

if (!empty($user->uid) || (!empty($_SESSION && !empty($_SESSION['time'] && ...)

and hope that it has no negative impact on the theme itself. What concerns me is that boost is specifically designed not cache those private pages where information could be revealed like login.php and I would prefer to rely on the core mechanisms.

Regarding the 401 section, I just wondered what happened if you briefly turned off the Basic Authentication in the .htaccess file, I think this is a last chance hope, but some versions of apache have been known to do odd things with rewrite rules due to a bug that was later fixed but the original bug is still floating around in some distributions even with updates and the boost rules state that the response should be HTTP 200 so I was wondering if the initial HTTP 401 when one enters the password could in theory still be passed to the .htaccess file a second time and therefore skip the rules (I have no evidence of this but find it odd that I have seen no 401 headers when authenticating in firebug).

TDBA’s picture

Now I get what you meant. Made a quick test without the password authentication but no change so I will manipulate the session file.

I will also try talking to a system administrator next week. Maybe there are problems with the server instance too.

For now we can make a break here, put the lid back on and hope it stays there.

Thanks again for your co-operation.

Anonymous’s picture

I've thought very hard about this and my advice is strongly "use another caching system with that template" do not alter any code. I believe that the underlying reason for the session is to make the website appear differently to tablet/ mobile users instead of having a responsive template that adjusts the css automatically. What concerns me is that user A visits the site using a mobile, user B visits the website using a computer, user B gets to see the version of the site that is mobile and requires touch screen navigation because boost has cached it.

I believe that the purchase of the template was not thought through by someone conversant with drupal and boost. The only thing that may be an alternative avenue is to rewrite a large section of the htaccess code to store different caches based on the values stored in the session which would have to be pulled out in PHP and set as a cookie, then boost would need major modification to remove stale cached files in the different cache locations. It is not an easy answer, and I'm sorry.

swim’s picture

This issue & this article should help. They cover where (some) conditional functionality should live when using a caching mechanism such as Boost.

TDBA’s picture

Many/Some parts of that template are written with CSS3 media queries but who knows if there isn't some cheap shortcut via other means. I found many questionable design and coding decisions in PHP/CSS/JS code already so yeah maybe.

For the time being the "decision maker" want to prioritize something else but I will get back to that shortly.
Thanks for the additional considerations and tips.

P.S.: Still no answer from the creators of that theme.

tim520’s picture

Hi TDBA,

How did you solve this problem finally ? I met the same problem with yours.

Thanks

Prancz_Adam’s picture

Hi,

Same issue here. But I can not find any session cookie.
Any update or solution? Delete this from boost solve the problem:

elseif (!drupal_page_is_cacheable()) {
   $_boost['is_cacheable'] = FALSE;
    return;
  }

I'm using the latest dev version.

Can has_js cookie couse this issue?

hassebasse’s picture

Thank you Prancz_Adam, you made my day !!!