php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #50276 PHP cache headers do NOT override server headers
Submitted: 2009-11-24 00:50 UTC Modified: 2009-11-25 16:02 UTC
From: vector dot thorn at gmail dot com Assigned:
Status: Not a bug Package: Apache2 related
PHP Version: 5.3.1 OS: Fedora Linux
Private report: No CVE-ID: None
View Developer Edit
 [2009-11-24 00:50 UTC] vector dot thorn at gmail dot com 
Description:
------------
If this section is in your httpd.conf:
<FilesMatch "\.(php)$">
	Header unset Cache-Control
	Header unset Expires
	Header unset Last-Modified
	FileETag None
	Header unset Pragma
</FilesMatch>

Then the cache headers here will not be used:

$expires = 60*60*24*365;
$size = filesize("{$client_directory}/{$_GET['did']}");
$last = filemtime("{$client_directory}/{$_GET['did']}");
header("Content-Length: ".$size,true);
header("Etag: ".md5($last),true);
header("Server: Ionisis.com",false);
header("Cache-Control: max-age={$expires}, public,no-transform",true);
header('Expires: ' . gmdate('D, d M Y H:i:s',($last+$expires)) . ' GMT',true);
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $last) . ' GMT',true);
header("Content-type: audio/example");
header("Content-Disposition: attachment; filename=\"{$_GET['did']}\"");
readfile("{$client_directory}/{$_GET['did']}");

and even if you remove that section, and these headers are sent, the client is still not sending a "if-modified-since" header that can be captured at the server level for the php level.

Firefox 3.5, Apache 2.2, PHP 5.3, Fedora Linux

Reproduce code:
---------------
Just copy that code, and paste it in an file called download.php, and set it up so that it grabs an mp3 file, then beat your head into the desk for 2 days :D

Expected result:
----------------
I expected it to send the proper cache headers, despite what the server was preconfigured to send.

Actual result:
--------------
Had to remove the server's configuration section pertaining to caching php output.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-11-24 20:18 UTC] srinatar@php.net 
can you kindly rephrase your question. i am not too sure i understand your question here.

If I understand you correctly, you want to find out a way so that client (like browser) can request this page with 'If-Modified-Since' in its header so that the server doesn't have to send it again.

if this is your question, then this is a server configuration issue and nothing to do with a php engine.
 [2009-11-24 21:59 UTC] vector dot thorn at gmail dot com 
Yes and no. PHP was not sending the headers that i specified, which should have overwritten the default server headers. I had to REMOVE the configuration in the server itself that instructed it NOT to cache pages ending in "php", before php could send the cache headers to the browser.

In other words, afaik, php headers are supposed to implicitly have precedence over default server headers, this can further be ensured by using the optional second parameter/argument to the header function, and specifying it to be "true". Both ways php's headers that i wrote procedurally were never sent to the browser. I had to remove my configuration in the webserver (httpd.conf) that specified that php pages are not to be cached. Only then did my php headers that i specified get output to the client.

The if-modified-since header is not being sent by the browser on subsequent requests, but that has nothing to do with this bug, and that is a subject that i am still investigating as a separate issue. I just mentioned it because i'm retarded, and like to ramble....

Thanx ;)
 [2009-11-25 07:25 UTC] jani@php.net 
This is propably just Apache issue, I can change any headers using Fastcgi just fine.
 [2009-11-25 07:28 UTC] carsten_sttgt at gmx dot de 
| I expected it to send the proper cache headers,
| despite what the server was preconfigured to send.

No bug in PHP:
Header directives (mod_header) are processed just before the response is sent to the network (and after any content generator like PHP).
--> and if you configure mod_header to remove e.g. Cache-Control
 from the response headers, it's doing this....

Regards,
Carsten
 [2009-11-25 09:17 UTC] jani@php.net 
Thank you Carsten.
 [2009-11-25 16:02 UTC] vector dot thorn at gmail dot com 
Thank you for the clarification.
Well in your documentation it states that "the header should replace a previous similar header", so i thought that it was referring to all output headers, whereas now i see that it is only other php headers. You might want to flag that for clarification.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri May 09 05:01:27 2025 UTC