Request #40686 Overly restrictive/invalid headers sent as session cache limiters
Submitted: 2007-03-01 22:52 UTC Modified: 2019-09-12 10:37 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: spam02 at pornel dot net Assigned:
Status: Open Package: *General Issues
PHP Version: 4CVS-2007-03-01 (snap) OS: *
Private report: No CVE-ID: None

 [2007-03-01 22:52 UTC] spam02 at pornel dot net
Currently, *by default*, PHP sends *the most restrictive* anti-caching directives possible. 

* no-store is intended as a security measure, not regular cache-control
* must-revalidate alone doesn't prevent caching; it just requires the browser to revalidate the response after it expires. Combined with no-cache, however, this prevents use of the "offline browsing" feature.
* pre-check and post-check are non-standard directives that let Internet Explorer revalidate cached objects less frequently and/or asynchronously.

Please don't use these directives in the default configuration (called the "nocache" cache_limiter), as their use in the majority of cases is either unjustified or invalid and causes performance and usability problems (for example:

BTW: it turns out that Opera (and most likely other browser vendors) do not fully support these directives *because* PHP abuses them ("This abuse is the reason why must-revalidate is only obeyed for secure sites.").

Reproduce code:
<?php session_start();

Expected result:
Cache-control: no-cache

Actual result:
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
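
An added example, not part of the original report and not PHP's own code: one way to turn off the default "nocache" limiter and choose Cache-Control directives per response, keeping no-store for responses that are actually sensitive. The function names and the two policy names are hypothetical; session_cache_limiter(), session_start(), header() and headers_list() are standard PHP functions.

```php
<?php
// Added example. cache_control_for(), start_session_with_policy() and the
// policy names 'sensitive' / 'session' are hypothetical, chosen for illustration.

function cache_control_for(string $policy): string
{
    switch ($policy) {
        case 'sensitive':
            // no-store: no cache, shared or private, may keep a copy.
            // Reserve it for responses carrying secrets (statements, tokens, PII).
            return 'no-store';
        case 'session':
            // private: shared caches (proxies, CDNs) must not store the response.
            // no-cache: the browser may store it but must revalidate before reuse,
            // so conditional requests still work.
            return 'private, no-cache';
        default:
            // Fail closed on a typo instead of silently sending a weaker header.
            throw new InvalidArgumentException("unknown cache policy: $policy");
    }
}

function start_session_with_policy(string $policy): string
{
    $value = cache_control_for($policy);  // validate before touching the session

    // An empty limiter stops PHP from emitting its own cache headers.
    // It has to be set before session_start().
    session_cache_limiter('');
    session_start();

    header('Cache-Control: ' . $value);   // replaces any earlier Cache-Control
    return $value;
}

// Ordinary logged-in page: personalised, but nothing secret in the body.
$sent = start_session_with_policy('session');

// Development check: confirm the default limiter's directives are not present.
foreach (headers_list() as $line) {
    if (stripos($line, 'Cache-Control:') === 0 && stripos($line, 'pre-check') !== false) {
        error_log('default session cache limiter is still active: ' . $line);
    }
}

echo 'Cache-Control sent: ', htmlspecialchars($sent), "\n";
```

Run it under a web server SAPI; the CLI does not send HTTP headers, so headers_list() has nothing to report there.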


 [2019-09-12 10:37 UTC]
-Package: Feature/Change Request
+Package: *General Issues
 [2019-09-12 10:37 UTC]
JFTR: the IE specific directives are removed as of PHP 7.0.0.
Last updated: Sun Apr 14 14:01:29 2024 UTC