Magnolia 5.7 reached extended end of life on May 31, 2022. Support for this branch is limited, see End-of-life policy. Please note that to cover the extra maintenance effort, this EEoL period is a paid extension in the life of the branch. Customers who opt for the extended maintenance will need a new license key to run future versions of Magnolia 5.7. If you have any questions or to subscribe to the extended maintenance, please get in touch with your local contact at Magnolia.
Magnolia employs a web cache to store server responses so that future requests for the same content can be served faster. The chief benefit of using cache is a reduction in information load on the network, meaning less bandwidth used, reduced processing and improved responsiveness.
<dependency> <groupId>info.magnolia.cache</groupId> <artifactId>magnolia-cache-core</artifactId> <version>5.6.5</version> </dependency>
Although the Cache module is bundled as a separate module, it is essential to Magnolia and many other modules depend on it. Don't uninstall the Cache module. If necessary, disable caching by adding an
enabled node in Configuration >
/server/filters/cache and set its value to
How caching works
- Content not modified: If a client has the latest version of content (i.e. not modified), the browser cache policy instructs the filter to respond with "304 Not Modified".
- Modified content: If content has been modified or does not exist in the cache, the filter passes the request to the server cache policy. Server cache policy then analyses the request and replies with the expected behavior. The filter then invokes the appropriate executor. This mechanism allows you to add, remove and use executors by changing the current cache policy.
- Content not available: If the content is not available, the filter passes the request on to Magnolia. On the return trip, the filter reads the content from the response and stores it in the cache store for future use. Flush policy is completely independent from this chain and reacts on content changes rather than content served.
Cache configurations are defined in
/modules/cache/config/contentCaching/. Within each configuration you can define:
- What to cache.
- When to flush the cache.
- What header data to pass to browsers.
Specific implementations of tasks.
To select one of the cache configurations, set the
defaultContentCachingConfigurationName parameter in the Cache filter. The chosen configuration is read into a JavaBean using the Node2Bean mechanism, making it dynamically available to your own module code.
Caching behavior for each configuration is defined with policies.
Server cache policy
This policy defines whether the requested content should be cached or not. The decision to cache relies on voters, which are used whenever configuration values are not assigned at startup but depend on rules. Voters evaluate a rule such as "should content residing at this URL be cached" and return a positive or negative response. By default, all content on public instances is cached except the AdminCentral UI at
/.magnolia. Server cache policy is configured in
/modules/cache/config/contentCaching/defaultPageCache/cachePolicy. The default implementation (Default) checks if the content exists in the cache store and requests caching if the content is not found. The alternative class, Never instructs the cache not to store the generated content. Server side re-caching of no-cache requests (shift reload) are configurable and set to
false by default.
Cache key generator
You can define a custom cache key generator or configure the default one to meet your needs. cache config contentCaching defaultPageCache cachePolicy shouldBypassVoters ttlVoters cacheKeyGenerator useRequestParameters class info.magnolia.module.cache.cachekey.DefaultCacheKeyGenerator class info.magnolia.module.cache.cachepolicy.Default
|Default cache key attributes|
|Use URI as part of cache key.|
|Use request query as part of cache key.|
|Use request method (GET/POST/HEAD) as part of cache key.|
|Use server name as part of cache key.|
|Save information whether this request was made using a secure channel, such as HTTPS as part of cache key.|
|Use user name as part of cache key.|
|Use locale |
|Use channel |
Client (browser) cache policy
Allows for different policies for different content types. Voters are used to define the caching rules. These policies define how long the browser may cache each content type. The time is passed to the browser in the response header. The
option instructs the browser to cache the content for the specified length of time in minutes.
instructs the browser to do nothing. Client cache policy is configured in
The Flush policy defines when to flush the cache. There are two policies installed per default.
Changes in workspaces
This configuration observes changes (activation, import, edit) in a workspace and flushes the cache if new or modified content is detected. Cache can be flushed completely, partially or not at all. Each module can register its own flush policy (or multiple policies) and receive notification about new or modified content in each workspace. Flush policies are informed about changes in observed workspaces. The list of observed workspaces can be defined per policy under the
workspaces subnode of each policy or all workspaces will trigger cache flush unless defined under
excludedWorkspaces subnode (default configuration). If your custom workspace doesn't affect the content of pages, you should register it under excludedWorkspaces, otherwise a change in your workspace will unnecessarily flush the cache.
Changes in light modules
Magnolia 5.6.1+: A change in the light modules folder may also flush the server cache. See
/modules/cache/config/contentCaching/defaultPageCache/flushPolicy/policies/lightModule/pathToCacheMappings/defaultPageCache with the
pattern property, which specifies the pattern for the operation. The default value is
These are actions taken once a caching decision has been made. There are three possible actions:
useCache: Retrieves the cached item from the cache and streams it to the client.
store: Stores the response in the cache for future use.
bypass: Skips caching. This is useful for content that cannot or should not be cached.
Executors can be configured at
/modules/cache/config/contentCaching/defaultPageCache/executors. Each of the executors is also responsible for configuring expiration headers.
Compression is a simple and effective way to save bandwidth and speed up your site. It is a common practice used by Google and Yahoo! for example. (How to Optimize Your Site with GZIP Compression is a great general introduction to the topic.) Compression is performed in the gzip filter, configured in
/server/filters/gzip}. When a client requests a resource such as
index.html, Magnolia delivers it zipped. A typical HTML page is compressed to 20% of its original size. So if your page is 100 kB uncompressed, it is 20 kB compressed. To improve performance further, zipped content is streamed from the repository to the client rather than read into memory first.
text/css: Cascading Style Sheets.
To add more content types, such as XML, create a numbered property under
allowed. Use the Internet media type (MIME type) as value. Here are some common media types:
application/xhtml+xml: XHTM L.
text/csv: Comma-separated value.
text/plain: Textual data.
text/xml: Extensible Markup Languag.
application/pdf: Portable Document Format.
Accept-Encoding: gzip. Note that Magnolia does not cache big binaries.
To test your compression configuration, use a tool such as Web-Sniffer that allows you to change the
User-Agent sent headers easily. Here's what the headers look like when the Magnolia demo site home page is submitted to the sniffer.
In the Enterprise Edition advanced caching strategies are available in a separate.
Cache related commands are in the
flushAll: Completely flushes all caches. (Note that the imaging workspace - which technically is not a cache - is not flushed with this command.)
flushByUUID: Completely flushes all entries related to a given UUID from all available caches. This command expects
flushNamedCache: Completely flushes a cache by name. Default cache names are
By default, the following URLs are cached:
- On public instance everything except
/.magnolia/*which is AdminCentral.
- On author instance all static resources
magnolia.developproperty is set to
magnolia.develop property to
true in the default
magnolia.properties file. For more complex configurations, you need to adjust the configuration under the
Excluding content from cache
There are various reasons why you may wish to exclude content from cache. For example, you may have components that query an external data source dynamically. The rendered HTML changes even if the content of the Magnolia page has not changed. When we say cached content we mean the rendered output generated by Magnolia itself, the actual content of the page. When you exclude a page from cache you tell Magnolia that it should re-render that content every time the page is requested by a user.
Configuring an exclusion
The first option for excluding content from cache is to configure an exclusion in the cache policy. The example below excludes all pages whose URL starts with
/.magnolia. This means that AdminCentral pages are not cached.
Implementing a custom cache policy
To implement a custom cache policy, implement the CachePolicy interface and override the methods you wish to customize. The default policy:
...determines if a requested page should be cached, retrieved from the cache or not cached at all. It is called for every request and takes care of any expiration policy, that is if the page should be re-cached. The CacheFilter (or any other client component) can determine its behavior based on the return CachePolicyResult, which holds both the behavior to take and the cache key to use when appropriate.
Configure your custom cache policy class in
Cache header negotiation
Cache header negotiation is a mechanism that allows templates and components to influence whether the content should be cached and for how long. This mechanism can be used when it is too late to configure an exclude, but you do not wish for a page to be cached. Excludes are typically configured before it is clear what kinds of pages editors will add and what kind of content those pages will have. Cache header negotiation allows page components to influence whether the page should be cached. You can use cache header negotiation for:
- Live, dynamic data: A component that display dynamic data can indicate that the page the component is, or should be, cached only for a short duration: 5 minutes, 1 minute etc.
- Personalized content. Components that display personalized content can indicate that the page should not be cached at all.
- Error resolution: If a component fails to read data from an external source and outputs a message to say there is a problem, you may not want to cache the error message, at least not for long. Instead, it is better if the component makes another attempt at getting the data when the next visitor requests the page. When you configure caching in many components, remember that the strictest criteria wins. If a page has a component that indicates that content should not be cached, the page will not be cached regardless of what components say. For example, if the live data and personalization components mentioned above are added on the same page, the page won't be cached at all. A template can influence the decision in the same way. A template might want to cache the page for 10 minutes because the page displays real-time weather updates. If a component on the page wants to be cached for a maximum of 15 minutes, the template's instructions win because they are stricter. The page is cached for 10 minutes.
The following options are not best practices but they may help you during testing. Don't use them as a long-term production strategy.
- Dummy URL parameter: The simplest way to exclude content is to link to the relevant page with a dummy query parameter in the URL such as
bypassto the cache filter. This ensures that no cache filter is executed on particular URLs.
- Deny URLs in cache policy: To exclude a URL from caching, add the URL to the
denylist of the cachePolicy. Entries on the
denylist are not cached by Magnolia but are taken through the entire filter chain, meaning that other policies such as
BrowserCachePolicycan still be applied. In effect this solution, 'switches off' caching for the URL in question.
- Regular cache flush: Flush a page from the cache at regular intervals. This involves reconfiguring the underlying cache engine.
Setting cache headers
Cache header negotiation uses standard cache response headers. Cache needs to be enabled for the site or cache headers have no effect on the server side cache. The mechanism is built into the Cache module and requires no extra modules. Cache header negotiation is being introduced to Magnolia in two phases:
In code, developers set the cache headers in the rendering model of a component or a template. This is the current implementation.
Example 1: Setting a cache header in Java code, snippet from AbstractFormModel .
Example 2: Setting a cache header in a JSP template script.
Setting cache attributes in code
Available in version 5.3.2 or higher.
In memory threshold
This threshold is used to determine if a resource should be cached or not according to its size. The default value of 500K was not selected randomly, but as a result of testing that shown 98% of resources were served as fast from memory as from the repo when exceeding this value. This is mainly due to the fact that transport of such amount of data offsets time needed for accessing the repository.
You can still change this value programatically, e.g. in your custom renderer which does time-consuming operations:
You need to set this attribute before anything is written to the output.
Web Cache Poisoning
When creating page templates, developers often need to use various types of input such as
- request parameters,
- user information (for authentication).
Magnolia takes care of all of these attributes and includes them in cache keys to ensure that unique cache entries are generated for all attribute variants occurring. Sometimes, however, it may be unavoidable to use more exotic or less obvious variables such as specific header values, date/time values or other types of input. When using such parameters, developers must consider their impact on the validity of cache to prevent Web Cache Poisoning attacks.
Imagine using an HTTP referer header to change a teaser image link on a page. Once the image is rendered, it is - by default - cached and used for all the other incoming requests,
- as long as the cache entry is valid,
- and regardless of referer headers of those requests.
Depending on the content rendered it might or might not be an issue, but a case of Web Cache Poisoning occurs if somebody passes malicious content through a referer header that is trusted by and rendered for all the other incoming requests.
Always consider the character and the origin of the input entering the process of rendering a response. For any original request input,
- either the input must be included in the cache key, to allow Magnolia to generate an independent cache entry from it,
- or the component rendering such content needs to be marked as dynamic and excluded from the cache (see Dynamic page caching for more details),
- or else the whole page needs to be excluded from the cache.