I am making my own base controller since I want to pass some data to a master page. Now since this is like adding this code to every view in that controller it gets run every time.
By the time it loads up the first time I think it has hit my code at least twice. So I was thinking about caching it. But in my book it says don't cache private data since everyone will see it.
So I am not sure what to do.
What my couple of lines of code do is this:
- Finds the user name and displays it to the user.
- Finds the user's plan and displays that.
So I need the userName to find out what their GUID is so I can find out what plan they signed up for.
So I don't know how to cache it but not expose it to everyone. Is there a way to make it cache just for this user?
Quote from ASP.NET MVC Framework Unleashed, pg 330:
Don't Cache Private Data
Caching a page that contains private user data is extremely dangerous. When a page is cached on the server, the same page is served to all users. So, if you cache a page that displays a user credit card number, everyone can see the credit card number (not good!).
The same page is cached for all users even when you require authorization. Imagine, for example, that you create a financial services website and the website includes a page that displays all a user's investments. The page displays the amount of money that a user has invested in a set of stocks, bonds, and mutual funds.
Because this information is private, you require the user to log in before seeing the page. In other words, each user must be authorized before the user can view the page.
To improve the performance of the financial services page, you decide to enable caching for the page. You add the OutputCache attribute to the controller action that returns the page.
Don't do that! If you cache the controller action that returns the financial services pages, the private financial data for the first person to request the page will be shared among every subsequent visitor to the application.
In general, adding the OutputCache and Authorize attribute to the same controller action opens a security hole. Avoid doing this:
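
Added example, not from the book or the original post (the book's own listing is not reproduced above): the first controller shows the OutputCache plus Authorize combination the quoted passage warns against, and the base controller caches only the looked-up plan under a key that contains the authenticated user name. `InvestmentsController`, `LookupPlanName`, the key prefix and the durations are assumptions made for illustration.

```csharp
using System;
using System.Web;
using System.Web.Caching;
using System.Web.Mvc;

// Combination the quoted passage warns against: the rendered page is stored
// once in the output cache, so the cached copy is not tied to one user.
public class InvestmentsController : Controller   // hypothetical controller
{
    [Authorize]
    [OutputCache(Duration = 60, VaryByParam = "none")]
    public ActionResult Index()
    {
        return View();
    }
}

// Alternative: leave the page uncached and cache only the looked-up data,
// under a key that is different for every authenticated user.
public abstract class BaseController : Controller
{
    protected override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        base.OnActionExecuting(filterContext);

        var user = filterContext.HttpContext.User;
        if (user == null || !user.Identity.IsAuthenticated)
            return; // nothing is cached or displayed for anonymous requests

        string userName = user.Identity.Name;
        // The key contains the authenticated name, so an entry written for
        // one user is never read back for another.
        string key = "user-plan:" + userName;

        var plan = HttpRuntime.Cache[key] as string;
        if (plan == null)
        {
            plan = LookupPlanName(userName);
            if (plan != null) // Cache.Insert rejects null values
                HttpRuntime.Cache.Insert(key, plan, null,
                    DateTime.UtcNow.AddMinutes(5), Cache.NoSlidingExpiration);
        }

        ViewData["UserName"] = userName;
        ViewData["PlanName"] = plan;
    }

    // Hypothetical helper: resolves user name -> GUID -> plan in the data store.
    protected abstract string LookupPlanName(string userName);
}
```

When a user changes plan, call `HttpRuntime.Cache.Remove` with the same key so the old value is not shown until the entry expires.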