From my experiences so far, I've concluded that the HTML5 Manifest scheme was really terribly designed.
My site serves a manifest file when a user is logged in. Unfortunately, when they log out, they can still access the cached protected materials. Can anyone think of a way to fix this?
A manifest file is designed to take a website offline and still be able to navigate. It essentially just tells the browser to download and keep that stuff in cache. If you're adding secret stuff to the manifest and the user goes offline, he needs to be able to still access it - or what's the point of having a special logged-in manifest file if he has to be logged in (therefore online)?
You could add JavaScript that checks if the user is online again and, if he is, tries to validate the "login state" and redirects or removes the secret stuff from localStorage (if you would use localStorage to save the "secret" stuff and JavaScript to display it instead of a manifest file).
Let's say the secret stuff is an image and you are not using a manifest file, but just displaying images when the user is logged in, and it's crucial that the user can't view that image after logout: you would need to set the HTTP headers to no-cache and cache-expire to some random date in the past, so that a normal user wouldn't see it anymore. The problem then is that the image is downloaded every time somebody visits the website.
You need to approach the HTML5 Application Cache in a different way. It is not useful for caching server-side dynamically generated pages, especially those that require a login to reach. The Application Cache has no concept of logins, nor securing a page from somebody with a different/no login.
It is much more appropriate for an AJAX-based site, where all HTML/CSS/JavaScript is static and registered in the Application Cache, and data is instead fetched via AJAX then used to populate pages. If you need to cache data in the application for offline use, then use one of the offline data storage mechanisms such as Local Storage/Session Storage, or IndexedDB, for data.
You can then make your own judgement on how much data you want to cache offline, since there's no way to validate a login without making a call to the server that is naturally inaccessible whilst offline.
What if, when the user logs out or is not logged in, they get a manifest with only network:*?
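A sketch of the approach the answers above describe (only the static shell in the manifest, protected data kept in localStorage and purged once the server says the session is gone, and an all-NETWORK manifest when logged out), as an added example that is not from the question or any of the answers. The asset paths, the `protected:` key prefix and the injected session check are assumptions.

```javascript
// Added example, not code from the original thread. Assumed names: the
// static asset list, the 'protected:' key prefix and the checkSession hook.

// Static, login-independent assets that are safe to list under CACHE.
const STATIC_ASSETS = ['/app.js', '/app.css', '/index.html'];

// Build the appcache manifest text for the current login state.
// Logged in: the static shell is cached, everything else is fetched live.
// Logged out: nothing is cached; every request must go to the network.
// The comment line changes with login state so the manifest bytes differ
// and the browser re-runs its update cycle (it only refetches on change).
function buildManifest(loggedIn) {
  const lines = ['CACHE MANIFEST', `# state: ${loggedIn ? 'user' : 'anon'} v1`];
  if (loggedIn) lines.push('CACHE:', ...STATIC_ASSETS);
  lines.push('NETWORK:', '*');
  return lines.join('\n') + '\n';
}

// Client side: remove every protected record from a Storage-like object
// (window.localStorage in the browser). Returns the number of keys removed.
function purgeProtected(storage, prefix = 'protected:') {
  const doomed = [];
  for (let i = 0; i < storage.length; i++) {
    const k = storage.key(i);
    if (k.startsWith(prefix)) doomed.push(k);
  }
  doomed.forEach((k) => storage.removeItem(k));
  return doomed.length;
}

// Run on the 'online' event: re-check the session with the server and purge
// protected data if it is no longer valid. checkSession is injected so it can
// wrap fetch('/api/session') in the browser or be a stub in a test.
async function revalidateOnline(checkSession, storage) {
  const valid = await checkSession();
  if (!valid) purgeProtected(storage);
  return valid;
}

// Constructed in-memory stand-in for localStorage so this runs outside a browser.
function memoryStorage(init = {}) {
  const m = new Map(Object.entries(init));
  return {
    get length() { return m.size; },
    key: (i) => Array.from(m.keys())[i],
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => m.set(k, String(v)),
    removeItem: (k) => m.delete(k),
  };
}
```

In the browser, wire `revalidateOnline` to `window.addEventListener('online', ...)` and to the logout handler, and serve `buildManifest(false)` (or a 404, which makes the browser discard the cache group) once the session ends.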