[PHP-DB] Re: Warning: Page has Expired
I had this problem, too. It seems as though when using session variables and POST forms, you get this error when trying to go back to a POSTed page. I believe I read somewhere that the error is more of a security issue - to keep others from simply going back and seeing any private data, but I'm not clear on how that works. I finally found a plausible fix, though. Just open up your php.ini file and look for [Session]. Under it should be session.cache.limiter - just set that to a blank. Here's my [Session] section: BEGIN SNIPPET [Session] session.save_handler = files ; handler used to store/retrieve data session.save_path = /tmp; argument passed to save_handler ; in the case of files, this is the ; path where data files are stored session.use_cookies = 1 ; whether to use cookies session.name = PHPSESSID ; name of the session ; is used as cookie name session.auto_start= 0 ; initialize session on request startup session.cookie_lifetime = 0 ; lifetime in seconds of cookie ; or if 0, until browser is restarted session.cookie_path = / ; the path the cookie is valid for session.cookie_domain = ; the domain the cookie is valid for session.serialize_handler = php ; handler used to serialize data ; php is the standard serializer of PHP session.gc_probability= 1 ; percentual probability that the ; 'garbage collection' process is started ; on every session initialization session.gc_maxlifetime= 1440; after this number of seconds, stored ; data will be seen as 'garbage' and ; cleaned up by the gc process session.referer_check = ; check HTTP Referer to invalidate ; externally stored URLs containing ids session.entropy_length= 0 ; how many bytes to read from the file session.entropy_file = ; specified here to create the session id ; session.entropy_length= 16 ; session.entropy_file = /dev/urandom session.cache_limiter = ; (leaving it blank) ; session.cache_limiter = nocache ; set to {nocache,private,public} to ; determine HTTP caching aspects session.cache_expire = 180 ; document expires after n minutes session.use_trans_sid = 1 ; use transient sid support if enabled ; by compiling with --enable-trans-sid - END SNIPPET - Hope this helps. - Jonathan Keith Spiller [EMAIL PROTECTED] wrote in message 003401c10a0f$6bd7da60$3083140a@aristotle">news:003401c10a0f$6bd7da60$3083140a@aristotle... I've setup a members directory in mysql that is searchable via different field and I limit the number of records. I use session variables to remember the number of records to display, what the starting record is, what the search string and search fields are. At anytime a user can click on an id number to do a Select statement that queries for that single row of data. Afterward, if the user hits their browsers back button I get: Warning: Page has Expired I've noticed allot of sites just ask the user to not use the back button. I'm curious if this is caused by an error in my code or because I used session variables that might have changed in the last MySQL select query. So that when you hit back, the browser is using some sort of cached data while still loading the php code? I'm very confused at this point. Is there anything I can do to prevent the Expired Page warning, rather than expecting my viewers to learn to do without it. Keith Spiller [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DB] Re: Warning: Page has Expired
You can also change your form to use the GET method instead. That works without changing your php.ini file. But don't use GET methods for logging in or passing secure information. It's much more insecure than POSTing (not that POSTing variables is a 100% secure method, either)... Keith Spiller [EMAIL PROTECTED] wrote in message 003401c10a0f$6bd7da60$3083140a@aristotle">news:003401c10a0f$6bd7da60$3083140a@aristotle... I've setup a members directory in mysql that is searchable via different field and I limit the number of records. I use session variables to remember the number of records to display, what the starting record is, what the search string and search fields are. At anytime a user can click on an id number to do a Select statement that queries for that single row of data. Afterward, if the user hits their browsers back button I get: Warning: Page has Expired I've noticed allot of sites just ask the user to not use the back button. I'm curious if this is caused by an error in my code or because I used session variables that might have changed in the last MySQL select query. So that when you hit back, the browser is using some sort of cached data while still loading the php code? I'm very confused at this point. Is there anything I can do to prevent the Expired Page warning, rather than expecting my viewers to learn to do without it. Keith Spiller [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] Re: Warning: Page has Expired
Thanks Jonathan, The Microsoft site says just that, that it is a security precaution. http://support.microsoft.com/support/kb/articles/q183/7/63.asp But I wonder, is it only caused by PHP or ASP pages? If so, what is to stop me from creating an line in my .htaccess file that forces the Apache server to treat say .shtml files as .php files? Wouldn't this fix the problem? Maybe I'm grabbing at straws... Also the GET does not send the session variables. It seems that a single line in the .asp files can fix this problem, so obviously, IIS is doing something, maybe converting method POST to GET? There must be a way... Keith - Original Message - From: Jonathan Hilgeman [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, July 11, 2001 9:33 AM Subject: [PHP-DB] Re: Warning: Page has Expired You can also change your form to use the GET method instead. That works without changing your php.ini file. But don't use GET methods for logging in or passing secure information. It's much more insecure than POSTing (not that POSTing variables is a 100% secure method, either)... Keith Spiller [EMAIL PROTECTED] wrote in message 003401c10a0f$6bd7da60$3083140a@aristotle">news:003401c10a0f$6bd7da60$3083140a@aristotle... I've setup a members directory in mysql that is searchable via different field and I limit the number of records. I use session variables to remember the number of records to display, what the starting record is, what the search string and search fields are. At anytime a user can click on an id number to do a Select statement that queries for that single row of data. Afterward, if the user hits their browsers back button I get: Warning: Page has Expired I've noticed allot of sites just ask the user to not use the back button. I'm curious if this is caused by an error in my code or because I used session variables that might have changed in the last MySQL select query. So that when you hit back, the browser is using some sort of cached data while still loading the php code? I'm very confused at this point. Is there anything I can do to prevent the Expired Page warning, rather than expecting my viewers to learn to do without it. Keith Spiller [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]