[PHP-DB] Re: Warning: Page has Expired
I had this problem, too. It seems as though when using session variables and
POST forms, you get this error when trying to go back to a POSTed page.
I believe I read somewhere that the error is more of a security issue - to
keep others from simply going back and seeing any private data, but I'm not
clear on how that works.
I finally found a plausible fix, though. Just open up your php.ini file and
look for [Session]. Under it should be session.cache.limiter - just set that
to a blank. Here's my [Session] section:
BEGIN SNIPPET
[Session]
session.save_handler = files ; handler used to store/retrieve data
session.save_path = /tmp; argument passed to save_handler
; in the case of files, this is the
; path where data files are stored
session.use_cookies = 1 ; whether to use cookies
session.name = PHPSESSID
; name of the session
; is used as cookie name
session.auto_start= 0 ; initialize session on request startup
session.cookie_lifetime = 0 ; lifetime in seconds of cookie
; or if 0, until browser is restarted
session.cookie_path = / ; the path the cookie is valid for
session.cookie_domain = ; the domain the cookie is valid for
session.serialize_handler = php ; handler used to serialize data
; php is the standard serializer of PHP
session.gc_probability= 1 ; percentual probability that the
; 'garbage collection' process is
started
; on every session initialization
session.gc_maxlifetime= 1440; after this number of seconds, stored
; data will be seen as 'garbage' and
; cleaned up by the gc process
session.referer_check = ; check HTTP Referer to invalidate
; externally stored URLs containing ids
session.entropy_length= 0 ; how many bytes to read from the file
session.entropy_file = ; specified here to create the session
id
; session.entropy_length= 16
; session.entropy_file = /dev/urandom
session.cache_limiter = ; (leaving it blank)
; session.cache_limiter = nocache ; set to {nocache,private,public} to
; determine HTTP caching aspects
session.cache_expire = 180 ; document expires after n minutes
session.use_trans_sid = 1 ; use transient sid support if enabled
; by compiling with --enable-trans-sid
- END SNIPPET -
Hope this helps.
- Jonathan
Keith Spiller [EMAIL PROTECTED] wrote in message
003401c10a0f$6bd7da60$3083140a@aristotle">news:003401c10a0f$6bd7da60$3083140a@aristotle...
I've setup a members directory in mysql that is searchable via different
field and I limit the number of records.
I use session variables to remember the number of records to display, what
the starting record is, what the
search string and search fields are. At anytime a user can click on an id
number to do a Select statement
that queries for that single row of data. Afterward, if the user hits their
browsers back button I get:
Warning: Page has Expired
I've noticed allot of sites just ask the user to not use the back button.
I'm curious if this is caused by an
error in my code or because I used session variables that might have changed
in the last MySQL select
query. So that when you hit back, the browser is using some sort of cached
data while still loading the
php code? I'm very confused at this point. Is there anything I can do to
prevent the Expired Page warning,
rather than expecting my viewers to learn to do without it.
Keith Spiller
[EMAIL PROTECTED]
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DB] Re: Warning: Page has Expired
You can also change your form to use the GET method instead. That works without changing your php.ini file. But don't use GET methods for logging in or passing secure information. It's much more insecure than POSTing (not that POSTing variables is a 100% secure method, either)... Keith Spiller [EMAIL PROTECTED] wrote in message 003401c10a0f$6bd7da60$3083140a@aristotle">news:003401c10a0f$6bd7da60$3083140a@aristotle... I've setup a members directory in mysql that is searchable via different field and I limit the number of records. I use session variables to remember the number of records to display, what the starting record is, what the search string and search fields are. At anytime a user can click on an id number to do a Select statement that queries for that single row of data. Afterward, if the user hits their browsers back button I get: Warning: Page has Expired I've noticed allot of sites just ask the user to not use the back button. I'm curious if this is caused by an error in my code or because I used session variables that might have changed in the last MySQL select query. So that when you hit back, the browser is using some sort of cached data while still loading the php code? I'm very confused at this point. Is there anything I can do to prevent the Expired Page warning, rather than expecting my viewers to learn to do without it. Keith Spiller [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DB] Re: Warning: Page has Expired
Thanks Jonathan, The Microsoft site says just that, that it is a security precaution. http://support.microsoft.com/support/kb/articles/q183/7/63.asp But I wonder, is it only caused by PHP or ASP pages? If so, what is to stop me from creating an line in my .htaccess file that forces the Apache server to treat say .shtml files as .php files? Wouldn't this fix the problem? Maybe I'm grabbing at straws... Also the GET does not send the session variables. It seems that a single line in the .asp files can fix this problem, so obviously, IIS is doing something, maybe converting method POST to GET? There must be a way... Keith - Original Message - From: Jonathan Hilgeman [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, July 11, 2001 9:33 AM Subject: [PHP-DB] Re: Warning: Page has Expired You can also change your form to use the GET method instead. That works without changing your php.ini file. But don't use GET methods for logging in or passing secure information. It's much more insecure than POSTing (not that POSTing variables is a 100% secure method, either)... Keith Spiller [EMAIL PROTECTED] wrote in message 003401c10a0f$6bd7da60$3083140a@aristotle">news:003401c10a0f$6bd7da60$3083140a@aristotle... I've setup a members directory in mysql that is searchable via different field and I limit the number of records. I use session variables to remember the number of records to display, what the starting record is, what the search string and search fields are. At anytime a user can click on an id number to do a Select statement that queries for that single row of data. Afterward, if the user hits their browsers back button I get: Warning: Page has Expired I've noticed allot of sites just ask the user to not use the back button. I'm curious if this is caused by an error in my code or because I used session variables that might have changed in the last MySQL select query. So that when you hit back, the browser is using some sort of cached data while still loading the php code? I'm very confused at this point. Is there anything I can do to prevent the Expired Page warning, rather than expecting my viewers to learn to do without it. Keith Spiller [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
