Fix: Critical cache key collision bug in ApiModelCache #181
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…in cache key Previously, generateQueryCacheKey() only included a hardcoded whitelist of 11 parameters, causing cache key collisions when different filter values were used (e.g., type=customer vs type=contact generated the same cache key). This fix includes ALL query parameters in the cache key generation, excluding only internal/cache-busting parameters like '_', 'timestamp', 'nocache', and '_method'. Impact: - Fixes data integrity issue where different queries returned cached results from other queries - Ensures accurate cache HIT/MISS behavior for all filter combinations - Backward compatible - existing cache keys will naturally expire and regenerate Example: Before: /contacts?type=customer and /contacts?type=contact had SAME cache key After: /contacts?type=customer and /contacts?type=contact have DIFFERENT cache keys
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Problem
Critical Bug: Different API queries with different filter parameters were generating identical cache keys, causing data integrity issues where users received cached results from other queries.
Example
Both queries generated the same cache key:
{api_query}:contacts:company_xxx:v1:71931a6d2abd2d6c69b7ec6290dd3361This meant users requesting
type=contactcould receive cached results fromtype=customerqueries, and vice versa.Root Cause
The
generateQueryCacheKey()method inApiModelCache.phponly included a hardcoded whitelist of 11 parameters:Any filter parameters not in this list (like
type,status,category, etc.) were ignored in cache key generation.Solution
Changed from a hardcoded whitelist to including all query parameters in the cache key:
Impact
✅ Fixes data integrity issue - Different queries now generate different cache keys
✅ Accurate cache behavior - HIT/MISS status now reflects actual query uniqueness
✅ Backward compatible - Existing cache keys will naturally expire and regenerate
✅ No breaking changes - Cache mechanism remains unchanged
Testing
Verified with test cases:
type=customerhash:333e10182061e4f35013c092e7524789type=contacthash:bad2d03c864b9474d63bb155dc8e8d08Deployment Notes
After deploying this fix:
X-Cache-Statusheader to verify correct HIT/MISS behaviorredis-cli FLUSHDBFiles Changed
src/Support/ApiModelCache.php- UpdatedgenerateQueryCacheKey()methodRelated Issues
This fix addresses cache key collisions for any filter parameters not in the original hardcoded list.