Hi

5.2.4-2ubuntu5.6
CakePHP 1.2.1.8004

I'm confused by a behaviour that cake is exhibiting. I have a site
which some users access from behind a proxy server.

Those users behind the proxy report that they are seeing personal
information for users other than themselves.

I examined the headers of the site in Firefox 3.0.13 using the live
headers plugin and saw that there were no cache control instructions
sent.

I manually entered cache control headers in my app controller and the
users behind the proxy server reported that the fault was now fixed.

I investigated the session behaviours of PHP and saw that
session_start is configured to output cache controllers automatically
according to the configuration defined in php.ini.

I determined that php.ini was set so that the cache limiter was set to
nocache as expected.

I examined the Cake core and saw that line 537 of /cake/lib/
session.php sets the session_cache_limiter value to 'must-revalidate'.

I checked the docs and was confused by the discrepancy between the
docs which define valid values as

nocache;private;private_no_expire;public

http://us3.php.net/manual/en/function.session-cache-limiter.php

I read the comments on this page and saw that many users report that
private, must-revalidate solves issues with internet explorer.

I assume that something in my server setup is the cause but it occurs
to me that the Session cache limiter being hard coded in session.php
is not ideal and it would be better taken from the configuration
settings in Core.php and defaulting to the value used in php.ini.

Is it worth me raising a ticket on this in view of the comments in
ticket 4342?

https://trac.cakephp.org/ticket/4342

Thanks
Ron
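
As an added example (not part of the original post and not CakePHP code), a small PHP check that reports whether a Cache-Control value keeps a shared proxy from reusing a response for a different user, together with explicit headers a per-user page can send. The function names and sample header values are constructed for illustration.

```php
<?php
// Added example: not CakePHP code. Function names and sample values are constructed.

/**
 * True when a Cache-Control value stops a shared cache (a proxy) from
 * handing the stored response to another user without contacting the origin.
 */
function blocks_shared_reuse($cacheControl)
{
    $directives = array();
    foreach (explode(',', strtolower((string) $cacheControl)) as $part) {
        $pair = explode('=', $part, 2);   // split "max-age=0" into name and value
        $name = trim($pair[0]);
        if ($name !== '') {
            $directives[$name] = true;
        }
    }
    // must-revalidate and max-age are deliberately absent: on their own they
    // still let a proxy reuse a response while it counts as fresh.
    return isset($directives['no-store'])
        || isset($directives['private'])
        || isset($directives['no-cache']);
}

/** Explicit headers for a page that carries one user's data. Call before any output. */
function send_per_user_cache_headers()
{
    header('Cache-Control: private, no-store, no-cache, must-revalidate');
    header('Pragma: no-cache');                       // for HTTP/1.0 proxies
    header('Expires: Thu, 19 Nov 1981 08:52:00 GMT'); // any date in the past
}

// Constructed Cache-Control values, as they might be copied from a header viewer.
$samples = array(
    'no header sent'       => '',
    'must-revalidate only' => 'must-revalidate',
    'public with lifetime' => 'public, max-age=3600',
    'private'              => 'private, must-revalidate',
    'nocache-style'        => 'no-store, no-cache, must-revalidate',
);

foreach ($samples as $label => $value) {
    $verdict = blocks_shared_reuse($value) ? 'not reusable across users' : 'REUSABLE BY A SHARED PROXY';
    printf("%-22s %-40s %s\n", $label, '[' . $value . ']', $verdict);
}
```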
