|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #5415 Strange expire header when session.cache_limiter=private
Submitted: 2000-07-06 21:12 UTC Modified: 2000-07-07 10:09 UTC
From: root at mobigym dot se Assigned:
Status: Closed Package: Session related
PHP Version: 4.0.1pl2 OS: Linux 2.2.15
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: root at mobigym dot se
New email:
PHP Version: OS:


 [2000-07-06 21:12 UTC] root at mobigym dot se
This bug is valid for configurations where session.use_cookies=1.

When session.cache_limiter=public my session featured PHP pages send correct HTTP headers, but when I set the previous mentioned parameter to ''private'' strange things happend...

This is normal:
Expires: Wed, 5 Jul 2000 20:15:44 GMT
Cache-Control: public, max-age=3600

But what is this?!:
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, max-age=3600, pre-check=3600


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2000-07-07 10:09 UTC] stas at cvs dot php dot net
That's OK, that's to prevent caching.
Please, if you aren't sure it is a bug or not, ask on the list, do not submit bug report. Bug report is for something you sure is a bug.
 [2002-10-26 11:21 UTC] php at savignano dot de
I'm quite sure that it's not okay. "private" does not mean that no caching should take place, instead it means caching is only okay for the client, not any proxies. 

If caching was to be prevented, then I must say that the Cache-Control header would be incorrect, since then it would have to be

Cache-Control: private, max-age=0, pre-check=0

Instead, the Cache-Control header allows caching for 1 hour (3600 seconds) while the Expires header prevents caching by using a long-ago date.

So, you must admit that, should you be right, the Cache-Control header was broken, and should and I be right, the Expires header was broken. How ever you look at it: these headers don't go together.

However, in my opinion, the Cache-Control in the example is correct, while the Expires header should have a date 60 minutes from when the header was written.
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Sat Jun 03 21:03:40 2023 UTC