|
|
session_cache_limiter (PHP 4 >= 4.0.3, PHP 5) session_cache_limiter -- Get and/or set the current cache limiter Descriptionstring session_cache_limiter ( [string cache_limiter] )
session_cache_limiter() returns the name of the
current cache limiter. If cache_limiter
is specified, the name of the current cache limiter is changed to the
new value.
The cache limiter defines which cache control HTTP headers are sent to
the client. These headers determine the rules by which the page content
may be cached by the client and intermediate proxies. Setting the cache
limiter to nocache disallows any client/proxy caching.
A value of public permits caching by proxies and the
client, whereas private disallows caching by proxies
and permits the client to cache the contents.
In private mode, the Expire header sent to the
client may cause confusion for some browsers, including Mozilla.
You can avoid this problem by using
private_no_expire mode. The expire header is never
sent to the client in this mode.
Замечание:
private_no_expire was added in PHP 4.2.0.
The cache limiter is reset to the default value stored in
session.cache_limiter
at request startup time. Thus, you need to call
session_cache_limiter() for every
request (and before session_start() is called).
Пример 1. session_cache_limiter() example |
<?php
session_cache_limiter('private');
$cache_limiter = session_cache_limiter();
echo "The cache limiter is now set to $cache_limiter<br />";
?>
|
|
Also see the session.cache_limiter
configuration directive.
 add a note
User Contributed Notes
session_cache_limiter
brinley at etcorp dot com
30-Aug-2007 08:30
For those people trying to fix IE6's problem of recognizing the filename attribute in Content-Disposition. I thought I'd add that in addition to the fixes mentioned before, you have to take note of invalid and sensitive characters in the file name. For example, having a space or colon in the filename will cause IE6 to use a randomly generated filename.
Typer85 at gmail dot com
13-Jul-2007 02:16
Here is another handy trick for your session lovers out there;
It seems that using 'nocache' as an argument for this function, will prevent users browsing your website using IE 6 from viewing your HTML source file!
Probable reason ... probably because IE 6 is not caching anything due to the headers it is receiving, see my post below this one, and since IE 6 by default loads HTML source files from its cache, it can not find a file to open using notepad, since no file will exist in the cache!
I am not sure if this is the same with IE 7, but Mozilla Firefox does not have this problem.
Thank you Microsoft for yet another 'quality' product ( I read that somewhere and thought it was funny) ... at least now someone has a pretty neat trick up there hand to hide away their HTML source.
Do not know who ... but you are out there I am sure :)
Typer85 at gmail dot com
13-Jul-2007 01:19
Here is some magic for you PHP session lovers out there;
it seems that if you use 'nocache' as an argument for this function, PHP will send the following headers automatically for you:
--------------
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
--------------
Which pretty much render any cache ineffective because no proxy or browser that follows the HTTP 1.1 protocol will cache
your request. In short, every page request, whether explicitly through a page reload or not, will go through your server.
Not something good for those of us looking for a bit of security but also for some performance juice.
The only way to override these headers, if you use the 'nocache' as an argument, is to use the header( ) function
after you start your session but before you send any output:
<?php
session_cache_limiter( 'nocache' );
session_start( );
header( 'Cache-Control: no-cache, must-revalidate, post-check=3600, pre-check=3600' );
?>
Fernando Gabrieli fgabrieli at gmail
07-Apr-2007 05:21
<?
session_cache_limiter ('private, must-revalidate');
$cache_limiter = session_cache_limiter();
//
session_cache_expire(60); // in minutes
session_start() ;
?>
If i do not set must-revalidate, IE seems to cache session variables without refreshing them
If i post a form then it refreshes the variables
Firefox does not have this problem
So, be sure to use must-revalidate
Jeremiah at jkjonesco dot com
30-Oct-2006 03:20
If you are trying to work with dynamic binaries such as videos or images, the new IE 7 appears to require the ETag header. You will need to make sure that you follow the specifications for how ETag works in order for your cache control to work properly. Mozilla supports the ETag header as well, but does NOT require it for caching. If you need to cache a dynamic image, video, or other binary file, then be sure to set your ETag and then check for the If-Not-Modified header on subsequent requests so that you can properly return the 304 Not Modified page.
john
28-Mar-2006 08:36
In addition to the above, don't forget to check the php.ini file for the setting: session.cache_limiter = nocache
Since I use xoops and didn't start the session, I had the SSL/download problem until I noticed this.
19-Oct-2005 08:11
The onLoad method of Actionscript's loadVars class was returning false in IE6 using SSL until I set --> session_cache_limiter("must-revalidate"); <-- on the receiving PHP script.
radu dot rendec at ines dot ro
18-Oct-2005 04:41
I've read the other comments and done some "reasearch" on my own. Using php's session mechanism and explicitly setting the "cache-control" header should not be mixed.
When session_start() is called, the "cache-control" and "pragma" headers are automatically set by php (to whatever value had been specified using session_cache_limiter()).
Explicitly setting those headers _before_ session_start() will have no effect, and explicitly setting them _after_ session_start() will overwrite the settings from session_cache_limiter().
If I had to deal with php sessions, I'd go for using session_cache_limiter() and leaving the headers alone.
02-Sep-2005 03:04
Andrei Chirila, andrei_chirila at yahoo dot com
12-Jan-2005 09:30
I played about an hour with the download and sessions. yes, to work you'll need session_cache_limiter("must-revalidate"); but this BEFORE session_start() if you want that your download start [IE problem]. Hope someone will need this someday
====
yes, somebody has needed this today :)
situation: trying to make a session based download management system complete with user login system that requries an authorized user to download some files, and hide all such files from non-authorized users. the user login, download center, and content management system of the site are all tied in to each other, making troubleshooting this headering stuff a headache.
problem: files being served are not accessible thru the regular site, since they are above the htdocs folder in apache, and so headering the file is required, and sessions do not work well with files being headered to the browser.
solution: the download center uses ob_start("");, then session_cache_limiter("must-revalidate");, before the session_start();, then everything works well.
thank you very much! i was resorting to using a cookie to control this before because i could not figure out how to tie in sessions to the system before!
donovan at go4 dot com dot au
07-Aug-2005 06:41
IE6 'the file could not be written to the cache':
I tried all the other suggestions mentioned here but none of them worked.
I friend suggested header("Pragma: ");
This worked straight away!
snakes at ntica dot com
12-May-2005 02:28
Avoiding caching PHP pages:
After lot of tries and research this is the best combination of headers I've found that seems to work well even with the proxy of visitors that are using satellit connection.
<?
header("ETag: PUB" . time());
header("Last-Modified: " . gmdate("D, d M Y H:i:s", time()-10) . " GMT");
header("Expires: " . gmdate("D, d M Y H:i:s", time() + 5) . " GMT");
header("Pragma: no-cache");
header("Cache-Control: max-age=1, s-maxage=1, no-cache, must-revalidate");
session_cache_limiter("nocache");
?>
Andrei Chirila, andrei_chirila at yahoo dot com
12-Jan-2005 06:30
I played about an hour with the download and sessions. yes, to work you'll need session_cache_limiter("must-revalidate"); but this BEFORE session_start() if you want that your download start [IE problem]. Hope someone will need this someday ...
justin at justintubbs dot com
07-Jan-2005 12:04
I have PHP 4.3 running on a Windows 2003 Server running IIS 6.0 also using SSL encryption for my pages. I could not (for the life of me) figure out how to get IE 6.0/WinXPPro to recognize a set of HTML tables as an Excel spreadsheet export, and it was due to the header() variables I was using. Hopefully these are helpful to others who are attempting the same type of export within PHP.
*This example builds on the previously submitted one, adding a few necessary headers.
<?php
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");
session_cache_limiter("must-revalidate");
header("Content-Type: application/vnd.ms-excel");
header('Content-Disposition: attachment; filename="fileToExport.xls"');
session_start();
?>
pulstar at ig dot com dot br
24-Oct-2004 02:39
You can find more information about to control the cache in PHP at http://www.php.net/manual/en/function.header.php
If you have a dinamic website and want to allow your visitors to use the back button after they sent a form with the post method, the best combination I found was:
<?php
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter("must-revalidate");
session_start();
?>
I try some combinations using header("Cache-Control: no-cache, must-revalidate"), but when clicking the back button, the last changes in the form back to their previous states. The combination above works fine with IE 6.x. I didn't test this with other browsers.
When I try something like session_cache_limiter("nocache, must-revalidate") it doesn't work. The page only updates when I used the browser's refresh button. In dynamic web sites this is not good. The content must be fresh after each click.
I didn't find these combinations like "private, must-revalidate" documented in the manual and I guess that something different from "none, nocache, private, public and private_no_expire" are resolved to "none" or something like that. One thing I notice is that in session_cache_limiter() it is "nocache", but in header() it is "no-cache". This may give us some clues about how session_cache_limiter() function works.
About caching, the perfect solution I think is to give the correct expiration date and time and also the right last-modified header for each element in the web site, when they are really updated. This means a lot of extra controls of course, but may worth in web sites with high overload.
The "public" option means that all available cache in proxies and clientes will be used, so this improves the speed of the web site and also reduces the used bandwidth. But without the right expiration and last-modified headers, you can use it only in static web sites.
The "private" option means that only the cache in clients will be used. This is good for a more sensitive data that can be stored locally in the browser cache. It have some benefits of the public option, but the same restrictions too.
The "nocache" (or no-cache?) option means that the HTML portion will not be cached, but the images, CSS and JS files will. This is good for dynamic websites because you still can use the power of cache without loose the refreshness after each click. These files can be updated when you open the web site or use the browser's refresh button.
I don't know why, but flash files are never updated when you click the refresh button. A common solution for this is to change the file name when you update the flash file.
The "no-store" option means that all the content will not be cached anyway, including images, CSS or JS files. I don't know if this applyes to flash files too, but is possible. This option must be used with very sensitive data. I think the SSL uses this by default.
misterp3d at hotmail dot com
18-May-2004 02:16
I had a problem using a FORM with POST method when user of my website was using the back button. The page requested a refresh to be able to see again the FORM.
To solve the problem I used :
<?php
session_cache_limiter('private, must-revalidate');
?>
*You need to write this line before any output
Hope that will help some of you ;)
[P]
richard at izyn dot co dot nz
01-Mar-2004 06:17
I found that session_cache_limiter("none") works for me when I create PDFs on the fly because session_cache_limiter("private") causes the browser(IE6) to cache the PDF indefinitely.
|
session_cache_expire