TASK: Make sure cache is not used with cookies

Author: kitsunet

Classes/Http/RequestInterceptorComponent.php

@@ -6,6 +6,8 @@
 use Neos\Flow\Http\Component\ComponentChain;
 use Neos\Flow\Http\Component\ComponentContext;
 use Neos\Flow\Http\Component\ComponentInterface;
+use Neos\Flow\Security\SessionDataContainer;
+use Neos\Flow\Session\SessionManagerInterface;
 use function GuzzleHttp\Psr7\parse_response;
 
 /**
@@ -25,6 +27,18 @@ class RequestInterceptorComponent implements ComponentInterface
      */
     protected $enabled;
 
+    /**
+     * @Flow\Inject(lazy=false)
+     * @var SessionManagerInterface
+     */
+    protected $sessionManager;
+
+    /**
+     * @Flow\Inject
+     * @var SessionDataContainer
+     */
+    protected $sessionDataContainer;
+
     /**
      * @inheritDoc
      */
@@ -43,6 +57,10 @@ public function handle(ComponentContext $componentContext)
             return;
         }
 
+        if ($this->sessionManager->getCurrentSession()->isStarted() && !empty($this->sessionDataContainer->getSecurityTokens())) {
+            return;
+        }
+
         $entryIdentifier = md5((string)$request->getUri());
 
         $entry = $this->cacheFrontend->get($entryIdentifier);

Classes/Http/RequestStorageComponent.php

@@ -60,6 +60,10 @@ public function handle(ComponentContext $componentContext)
             return;
         }
 
+        if ($response->hasHeader('Set-Cookie')) {
+            return;
+        }
+
         $entryIdentifier = md5((string)$request->getUri());
 
         $lifetime = $this->contentCacheAspect->getShortestLifetime();