header("Cache-control: private");

11-03-2010, 01:00 AM
Does header("Cache-control: private") interfere with sessions at all?

I have a sign in page where after signing in, I'll run a calculation in the search box, and the session user id disappears. I'll log in again, and it works. What's odd is if I don't run a calculation, and just press a link on the left hand side, everything is fine.

I set up the following temporarily for anybody to check out the problem.


username: mctemp@hotmail.com
password: 12345

When it goes to the member page, go to the search box at the top right and type 13652+65.

Does the session disappear? (top right says signed in as Guest)

For me, sometimes it does, sometimes it does not.

I suspect it may be this:
header("Cache-control: private");
I have this immediately after many of my session_start(); statements

Yesterday, I did not run into this problem too much.

11-03-2010, 02:04 AM
All that does is specify that the client machine alone can cache any data. It shouldn't interfere with the session.


11-03-2010, 06:24 AM
I found the issue(s) here:


I tried the session_write_close() and not having the session declared on the login page. Neither worked. If I just click any link, but not run the search engine calculations which redirect, the session login id is kept.

I may have to take the long route, and tack on the logid on the redirect and mask it.

11-03-2010, 05:55 PM
Seem to recall having some weird type of problem with sessions at some point which may have been similar. Ended up using sessions just as a basic user system and hard writing most of the auth data required to extra columns in the session table to work around it, instead of just storing everything in the session and trusting that. I knew there was some genuine reason why my auth script was so convoluted and quirky. :D I think I noticed an occasional user misplacement on occasion before using my current method too, unless all previous session data was forcibly removed, even though a new session had been assigned. Sessions are, IMHO, a necessary evil but not a trustable one on their own.