PHP :: Bug #5415 :: Strange expire header when session.cache

Bug #5415	Strange expire header when session.cache_limiter=private
Submitted:	2000-07-06 21:12 UTC	Modified:	2000-07-07 10:09 UTC
From:	root at mobigym dot se	Assigned:
Status:	Closed	Package:	Session related
PHP Version:	4.0.1pl2	OS:	Linux 2.2.15
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	root at mobigym dot se
New email:
PHP Version:		OS:

New Comment:

[2000-07-06 21:12 UTC] root at mobigym dot se

This bug is valid for configurations where session.use_cookies=1.

When session.cache_limiter=public my session featured PHP pages send correct HTTP headers, but when I set the previous mentioned parameter to ''private'' strange things happend...

This is normal:
Expires: Wed, 5 Jul 2000 20:15:44 GMT
Cache-Control: public, max-age=3600

But what is this?!:
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, max-age=3600, pre-check=3600

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2000-07-07 10:09 UTC] stas at cvs dot php dot net

That's OK, that's to prevent caching.
Please, if you aren't sure it is a bug or not, ask on the list, do not submit bug report. Bug report is for something you sure is a bug.

[2002-10-26 11:21 UTC] php at savignano dot de

I'm quite sure that it's not okay. "private" does not mean that no caching should take place, instead it means caching is only okay for the client, not any proxies. 

If caching was to be prevented, then I must say that the Cache-Control header would be incorrect, since then it would have to be

Cache-Control: private, max-age=0, pre-check=0

Instead, the Cache-Control header allows caching for 1 hour (3600 seconds) while the Expires header prevents caching by using a long-ago date.

So, you must admit that, should you be right, the Cache-Control header was broken, and should root@mobigym.se and I be right, the Expires header was broken. How ever you look at it: these headers don't go together.

However, in my opinion, the Cache-Control in the example is correct, while the Expires header should have a date 60 minutes from when the header was written.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2023 The PHP Group All rights reserved.	Last updated: Sat Jun 03 21:03:40 2023 UTC