Vulnerability in EPiServer.Forms
I just noticed that, when our customers log in on our homepage, the content is never cached. This makes sense for webeditors - but can I somehow also display cached content to logged in customers/users?
Personalized content will be problematic. Access rights and filtered links as well. I would implement caching using object caching if you need it for logged in users. There are plenty of opportunities to shoot yourself in the foot though :)
If you want to force caching on some page types, like articles or similar, where you know you won't have personalized content, you can use this attribute:
public class ForceContentOutputCacheAttribute : ContentOutputCacheAttribute
this.UseOutputCacheValidator = (principal, context, duration) =>
if (duration != TimeSpan.Zero)
return context.Request.HttpMethod.Equals("GET", StringComparison.OrdinalIgnoreCase);
And on your controller:
[ForceContentOutputCache(Duration = 3600)]
public class ArticleController : PageController<ArticlePage>
Thank you very much for the inputs.