[thelist] Caching Problem

Wed Aug 31 12:48:43 CDT 2005

I think I'm confused about caching (yet again). I'm creating a very
simple login and logout process by placing a PHP script to generate a
cookie behind a .htpasswd protected directory (plain text susceptable to
sniffers, I know), and a logout script that simply deletes the cookie
again. The scripts are very simple:

   /protected/login.php:

      <?php
         setcookie( 'mploggedin', 'a', 0, '/' );
         header( "Location: $_SERVER[HTTP_REFERER]" );
      ?>

   /logout.php

      <?php
         setcookie( 'mploggedin', '', time() - 3600, '/' );
         header( "Location: $_SERVER[HTTP_REFERER]" );
      ?>

In my calling page, I check for the presence of the cookie, and display
a link to the login page if the cookie is absent, or link to the logout
page if present. Pretty simple.

What's happening, as you might imagine, is when I click the login link
(because the cookie is not there yet), login.php sets the cookie and
redirects back to the referer, but the page in my browser still displays
the login link, as if the cookie weren't there yet. However, if I click
the refresh button, it then re-requests the page, recognizes the cookie,
and shows the logout link as expected. Same thing in reverse for the
logout script. (I was earlier using a hardcoded absolute URL instead of
$_SERVER['HTTP_REFERER'], with the same results.)

Clearly, something is going on with caching. I've added the following
lines to both server scripts, recommended by the PHP documentation at
http://us3.php.net/manual/en/function.header.php, but to no avail (I
added all of them just to be sure, but even then, the behavior is the
same):

   session_write_close();
   header("Cache-Control: no-store, no-cache, must-revalidate");
   header("Cache-Control: post-check=0, pre-check=0", false);
   header("Pragma: no-cache");
   header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");

So I think maybe my client (IE 6.0.2800.1106.xpsp2.050301-1526; Update
versions SP1, Q867801, 823353, Q832894, Q824145, Q828750, Q903235) is
caching it. Under "Internet Options", General tab, my Temporary Internet
files setting is at "Check for newer versions of stored pages: Every
visit to the page". That's the only caching-related option I know about,
but then, I am far from an expert on IE client settings.

Could it be a configuration setting on the site's server? This site is
hosted by phpwebhosting.com; I can't see where they say what servers
they're running, but they do say they are on Linux, so I imagine it's
Apache.

The page in question, if anyone wants to test it, is at
http://www.moonpiepress.com/links.php. This shows the login/logout link
and calls those scripts. I don't actually have the .htpasswd protection
on the directory yet.

Any ideas or pointers are much appreciated. Thanks in advance.

- John
-- 

This message may contain information which is private, privileged or confidential and is intended solely for the use of the individual or entity named in the message. If you are not the intended recipient of this message, please notify the sender thereof and destroy / delete the message. Neither the sender nor Sappi Limited (including its subsidiaries and associated companies) shall incur any liability resulting directly or indirectly from accessing any of the attached files which may contain a virus or the like.