Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    Regular Coder
    Join Date
    Mar 2010
    Posts
    235
    Thanks
    39
    Thanked 6 Times in 6 Posts

    header("Cache-control: private");

    Does header("Cache-control: private") interfere with sessions at all?

    I have a sign in page where after signing in, I'll run a calculation in the search box, and the session user id disappears. I'll log in again, and it works. What's odd is if I don't run a calculation, and just press a link on the left hand side, everything is fine.

    I setup the following temporarily for anybody to check out the problem.

    http://mathcelebrity.com/login.php

    username: mctemp@hotmail.com
    password: 12345

    When it goes to the member page, go to the search box at the top right and type 13652+65.

    Does the session disappear? (top right say signed in as Guest)

    For me, sometime it does, sometimes it does not.

    I suspect it may be this:
    PHP Code:
    header("Cache-control: private"); 
    I have this immediately after many of my session_start(); statements

    Yesterday, I did not run into this problem too much.

  • #2
    Senior Coder
    Join Date
    Jul 2009
    Location
    South Yorkshire, England
    Posts
    2,318
    Thanks
    6
    Thanked 304 Times in 303 Posts
    All that does is specify that the client machine alone can cache any data. It shouldn't interefere with the session.

    http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
    http://www.mnot.net/cache_docs/

  • #3
    Regular Coder
    Join Date
    Mar 2010
    Posts
    235
    Thanks
    39
    Thanked 6 Times in 6 Posts
    I found the issue(s) here:

    http://bugs.php.net/bug.php?id=14636

    I tried the session_write_close() and the not having the session declared on the login page. Neither worked. If I just click any link, but not run the search engine calculations which redirect, the session login id is kept.

    I may have to take the long route, and tack on the logid on the redirect and mask it.

  • #4
    Senior Coder
    Join Date
    Jul 2009
    Location
    South Yorkshire, England
    Posts
    2,318
    Thanks
    6
    Thanked 304 Times in 303 Posts
    Seem to recall having some weird type of problem with sessions at some point which may have been similar. Ended up using sessions just as a basic user system and hard writing most of the auth data required to extra columns in the session table to work around it, instead of just storing everything in the session and trusting that. I knew there was some genuine reason why my auth script was so convoluted and quirky. I think I noticed an occasional user misplacement on occasion before using my current method too, unless all previous session data was forcibly removed, even though a new session had been assigned. Sessions are, IMHO, a necessary evil but not a trustable one on their own.
    Last edited by MattF; 11-03-2010 at 04:57 PM.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •