Page 1 of 1

PHP Overriding Cache-Control Header

Posted: Fri Nov 13, 2009 9:02 am
by ShannyMan
I've been fighting an issue with PHP to disable caching on pages so that users are clicking the back button and seeing old data, or seeing anything they shouldn't once a user logs out. Here's the headers I'm setting:

Code: Select all

 
Header( "Cache-Control: no-cache", true); // HTTP/1.1 
Header( "Date: " . gmdate( "D, j M Y H:i:s" ) . " GMT" ); 
Header( "Expires: -1" ); 
Header( "Pragma: no-cache" ); // HTTP/1.0 
 
This was based off the headers getting sent by an ASP.NET app I have working correctly. Everything gets sent across fine with PHP except the "Cache-Control" setting, it keeps defaulting to "private." I've examined the headers before the page finishes getting sent to the browser, and the headers are correct.

I also learned there was a setting in php.ini that allows PHP to handle this. I found the setting and commented it out, here's what it looks like now:

;session.cache_limiter =nocache

Even before commenting it out, it should not have been setting the cache-control to private by the looks of it.

Anyone else had this issue, or know what I can do to resolve it?

Thanks!

Re: PHP Overriding Cache-Control Header

Posted: Thu Nov 19, 2009 2:49 pm
by ShannyMan
Nobody?

Re: PHP Overriding Cache-Control Header

Posted: Thu Nov 19, 2009 2:57 pm
by iankent
I don't think you can, its a browser issue. The browser keeps the data so if somebody accidentally clicks a link, you can go back without losing everything you entered in a form. I'm not sure this can be overridden with PHPs cache control.

The cache-control is as to whether the page itself is cached, so that if the user comes across it again (i.e., gets to it by any means other than Back/Forward) it doesn't need to be downloaded again unless the page has changed. This behaviour is ignored in Forward/Back for the above reason.