I’m developing a Drupal 8 project which interacts with an external API. This API handles user authentication, completely bypassing the Drupal user system. This means that logged in API users are treated as anonymous Drupal users.
I have created a module that utilises the PrivateTempStore to store user sessions. This works as expected. However, what I am unclear about, is the best practice as far as utilising the Internal Dynamic Page Cache and Internal Page Cache modules.
At the moment, any user session sensitive blocks or pages that my module outputs are set to have a maximum cache lifetime of zero – to ensure that, for example, the user’s account page is not served from the cache.
Is this the correct approach, or would I be best at least disabling the Internal Page Cache module – which specifically targets anonymous users?
The site will be hosted on the Acquia platform, so Varnish will likely be utilised.
For that same reason, is it better to disable one or both of the Drupal caching modules?
Sponsored by SupremePR