caching and anonymous user

This is a pretty major hole. The whole reason we want to use this module is for anonymous users -- we already have appropriate security on nodes and pages for our registered users. Any chance of a fix?

Changing priority to "critical."

I can't turn off caching for performance reasons, and I need to keep the protected pages from being indexed by search engines, so url_access isn't going to solve my problem, either.

Turning off caching selectively for protected nodes needs to be part of this module. The module doesn't work correctly without it.

I've never tried to implement a hook function. Would it look something like this?

/**
 * Implementation of hook_exit()
 */
function protected_node_exit($destination) {
  db_query('UPDATE {counter} SET hits = hits + 1 WHERE type = 1');
  cache_clear_all();
}

Do we want to specify the table of the cache_clear_all statement?

Basically this can't be solved with effective caching. Drupal completely ignores every and all node handling hook while loading the cached page.
Either we delete all cached pages every time an anonymous visits a protected node (defeats the whole caching thing) or don't use caching. Currently I'm working on a hack to circumvent this.

I think what we need to be able to do is turn off caching just for protected pages. Can that be done?

AFAIK the answer is no. Caching does not have any hooks or configuration possibility. If you switch it in, then every and all page load which was requested by an anonymous user will be directed to output buffer and at the end of page generation gzipped and pushed down to cache_page table.

I also can't delete the cache table selectively, because I cannot identify pages which contain protected node content. Catch 22.

Still, I think about the problem when I have some spare time, but currently I don't see any method to fix this in the distribution.

One thing tough the modification of the Drupal core on your site but I usually dislike this option.

Edit: The only possibility I see right now is PHP PECL extension named Runkit. With runkit I can redefine the Drupal core function which actually does the caching without modifying the core. But requiring non-default install extensions isn't the best way to win the heart of the users...

This bug cannot be fixed the way the submitter reported. Caching must be disabled completely if the anonymous users must access a protected content. The 5.x-1.1 release checks whether caching is enabled and does not allow anonymous users to access to the protected contents if it is enabled. Instead redirects them to login.

I'm glad to report that I just found out $GLOBALS['conf']['cache'] which controls the caching of the currently generated page. I've done some preliminary tests and it seems to fix the problem perfectly.

5.x-1.2 will contain the fix.

Excellent! I look forward to testing the fix.