From: spam02 at pornel dot net Operating system: * PHP version: 4CVS-2007-03-01 (snap) PHP Bug Type: Session related Bug description: Overly restrictive/invalid headers sent as session cache limiters
Description: ------------ Currently, *by default*, PHP sends *the most restrictive* anti-caching directives possible. * no-store is intended as a security measure, not regular cache-control * must-revalidate alone doesn't prevent caching, just requires browser to revalidate it after it expires. This however, with no-cache prevents use of "offline browsing" feature. * pre-check and post-check are non-standard directives that let Internet Explorer revalidate cached objects less frequently and/or asynchronously. Please don't use these directives in the default configuration (called "nocache" cache_limiter), as their use in majority of cases is either unjustified or invalid and causes performance and usability problems (for example: https://bugzilla.mozilla.org/show_bug.cgi?id=261312). BTW: it turns out that Opera (and most likely other browser vendors) do not fully support these directives *because* PHP abuses them (http://my.opera.com/yngve/blog/2007/02/27/introducing-cache-contexts-or-why-the "This abuse is the reason why must-revalidate is only obeyed for secure sites.") Reproduce code: --------------- <?php session_start(); Expected result: ---------------- Cache-control: no-cache Actual result: -------------- Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 -- Edit bug report at http://bugs.php.net/?id=40686&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=40686&r=trysnapshot44 Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=40686&r=trysnapshot52 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=40686&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=40686&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=40686&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=40686&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=40686&r=needscript Try newer version: http://bugs.php.net/fix.php?id=40686&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=40686&r=support Expected behavior: http://bugs.php.net/fix.php?id=40686&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=40686&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=40686&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=40686&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=40686&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=40686&r=dst IIS Stability: http://bugs.php.net/fix.php?id=40686&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=40686&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=40686&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=40686&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=40686&r=mysqlcfg
