Hi,

When I begin session with session_start() PHP sets an Expired-header. I
suppose that's fine for the sake of unwanted caching.

Unfortunately, Firefox seem to reload a page that's expired when using
the browser's "Back" navigation instead of showing the page as it was as
the user left it.

This seem to complicate some things. If I create a page with a form, the
user submits it and press "back", the page is reloaded and the form is
wiped instead of preserving the values as they were when the user
submitted/left the page.

I'm curious if there is a simple, acceptable workaround like disabling
the Expires-header?

I'm *not* looking for a solution where the session stores the form
values and insert them into a value attribute. This won't work:
1. There is no way to distinct whether the user pushed "back" or clicked
on a link to request the search page. The variables should be kept in
the first situation but not in the second (and looking at the Referer
header would be considered a hack as well).
2. Users can have multiple windows/tabs open which should not interfere
with the navigation.

It seems like Opera, Internet Explorer, links, lynx and w3m behave more
reasonable. I believe that W3 also states that when using back buttons
browsers should always show the page as when the user left it and not
requesting it at new.

Even if it is a bug in Firefox I would still like to know whether there
is an acceptable workaround that would reduce the number of requests and
make Firefox use the cached page (or cache the page in the first place).

--
- Peter Brodersen

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Hi Peter,

> When I begin session with session_start() PHP sets an Expired-header.
> I suppose that's fine for the sake of unwanted caching.
>
> Unfortunately, Firefox seem to reload a page that's expired when using
> the browser's "Back" navigation instead of showing the page as it was
> as the user left it.

You might find this article helpful:

http://shiflett.org/articles/guru-speak-nov2004

I suspect that Firefox's behavior is based on their interpretation of
the HTTP specification. If you read section 14.9.2 of RFC 2616, you'll
see the following statement about the no-store directive:

"If sent in a response, a cache MUST NOT store any part of either this
response or the request that elicited it. This directive applies to both
non-shared and shared caches."

A browser's history mechanism relies on a non-shared cache, the
browser's cache. If a browser isn't allowed to store the resource, it
can't redisplay the resource without sending another request.

There's another relevant section of the RFC, section 13.13:

"History mechanisms and caches are different. In particular history
mechanisms SHOULD NOT try to show a semantically transparent view of the
current state of a resource. Rather, a history mechanism is meant to
show exactly what the user saw at the time when the resource was retrieved."

This seems to conflict with the earlier statement, and I think this is
the reason for the inconsistent implementations in the industry. This
particular statement attempts to distinguish between the history
mechanism and caches, a distinction that doesn't naturally exist.

I don't really fault Firefox for abiding by the no-store directive, nor
do I fault Internet Explorer for ignoring it.

Hope that helps.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Hi Chris,

On Fri, 02 Dec 2005 19:21:43 -0500
Chris Shiflett <shiflett [at] php.net> wrote:

> You might find this article helpful:
>
> http://shiflett.org/articles/guru-speak-nov2004

Very helpful indeed! I was mainly focused on the "Expires" header, but
changing the Cache-Control output (by setting session.cache_limiter to
'private') seem to make everything work.

private_no_expire could also be a possibility. I think I'll read the RFC
a bit more to see which one would be the most appropate one in my
situation.

> This seems to conflict with the earlier statement, and I think this is
> the reason for the inconsistent implementations in the industry. This
> particular statement attempts to distinguish between the history
> mechanism and caches, a distinction that doesn't naturally exist.

Tell me about it. Earlier this evening I fell over a strange behaviour in
IE, Firefox and Opera. Point one window to a URL pointing at an image.
Overwrite the image with a new one. Open another window/tab and open the
new image (at the same URL). Get properties for the old image in the old
window.

Both IE and Firefox would provide the correct information about image
dimensions but would get the file size from the new image. Opera will
replace the old image in runtime leading to spurious graphic updates.

The whole concept about the history mechanism (and even content in
current open windows) opposed to a cache is a bit mind boggling.

> I don't really fault Firefox for abiding by the no-store directive, nor
> do I fault Internet Explorer for ignoring it.

Agreed. Furthermore, the change in cache_limiter makes very good sense
in this context and doesn't seem like "just a hack".

> Hope that helps.

Very much. Thanks for the quick and precise reply!

--
- Peter Brodersen

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

On Fri, Dec 02, 2005 at 07:21:43PM -0500, Chris Shiflett wrote:
> Hi Peter,
>
> >When I begin session with session_start() PHP sets an Expired-header.
> >I suppose that's fine for the sake of unwanted caching.
> >
> >Unfortunately, Firefox seem to reload a page that's expired when using
> >the browser's "Back" navigation instead of showing the page as it was
> >as the user left it.
>
> You might find this article helpful:
>
> http://shiflett.org/articles/guru-speak-nov2004
>
> I don't really fault Firefox for abiding by the no-store directive, nor
> do I fault Internet Explorer for ignoring it.

iirc, Firefox 1.5 has improved its caching system, in paticular to the
back button drama.

Curt.
--
cat .signature: No such file or directory

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

On Sun, 4 Dec 2005 11:56:43 -0800, in php.general czirzow [at] gmail.com
(Curt Zirzow) wrote:

>iirc, Firefox 1.5 has improved its caching system, in paticular to the
>back button drama.

It seems so, but the issue is still present in 1.5 and might be
further on.

session_cache_limiter('private') changed the output from
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
> Cache-Control: no-store, no-cache, must-revalidate, post-check=3D0, =
pre-check=3D0
to
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
> Cache-Control: private, max-age=3D10800, pre-check=3D10800

session_cache_limiter('private_no_expire') can get rid of the Expires
header as well, but it doesn't seem to be an issue here. It could
still be relevant for other reasons though.

--
- Peter Brodersen

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php