Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
I seem to be the only guy that can't stop my PHP files caching ... so I thought someone might help me out ...
My Flash Movie submits a sendAndLoad to my php file ... the file collects data from a mysql database ... and the results are sent back to flash using the echo command in php. This all works fine right now.
When i put the PHP headers in to try and stop the php file caching the results are no longer being received.
The headers i am using are below:
header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
// always modified
header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header ("Pragma: no-cache"); // HTTP/1.0
When i edit the cahced file in my Temporary Internet Files folder i find it is the results from my mysql searches i am echoing back to be used in flash.
The browser will cache pages as it chooses, the headers simply request that it doesn't. Generally, a small amount of caching will always be done, but a well behaved browser will still honor the request to fetch the page again by considering it expired.
What I have found is that if I run the PHP file independently then it will not cache ... but when I run it as a sendAndLoad command from my flash movie it caches every time ... not sure I'll be able to get help on this.