Hello,
I've found that with page caching set to 'Normal' anonymous users can't vote. With previous version (1.13) and same cache everything was fine. I've made analysis of new module's code and think that problem is in form token which caches for anonymous users. When I've commented out this code in fivestar_vote() function:

if (!isset($_GET['token']) || !fivestar_check_token($_GET['token'], $path)) {
    $output .= '<xml><error>'. t('Invalid token') .'</error></xml>';
    exit($output);

Votes start to work for anonymous users. Can you offer a better solution for this problem? Because now fivestar didn't work for sites with normal cache setting and anonymous voters.
Files: 

Comments

Title:Problem with page cache and tokenProblem with page cache and token - anon users can't vote when cache is on
Priority:Normal» Critical

Anon users cannot vote on my site either, I only picked up on this from the lack of votes, so I tried to vote as anon and the vote never gets saved and no error message is returned. http://3rdworldthemes.org

I commented out the call to fivestar_check_token function in function fivestar_vote and now it works:
line 695: if (!isset($_GET['token']) /*|| !fivestar_check_token($_GET['token'], $path)*/)

I'm looking at $path in function fivestar_vote and wondering if that is the issue?

This is critical for me as I don't have logged in users and I need to use the cache.

I think problem with cached security token in vote form — for every anonymous user this token is the same, but fivestar_check_token() expect different tokens for every user. When page is cached, form token is static and equal for all users, so fivestar throws error "Invalid token". We need to rebuild this token for anonymous users (I don't think it's possible with page caching, but i'm not sure) or we need to remove this check from fivestar module code.

Status:Needs review» Fixed
StatusFileSize
new1.11 KB

I've applied the attached patch which lessens the restrictions on anonymous users. Since the page cache gives all anonymous users the same HTML output, we have to allow the same token to be accepted for all anonymous users.

Title:Problem with page cache and token - anon users can't vote when cache is onProblem with page cache and token - anonymous users can't vote with page caching

Status:Fixed» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.