I need the browser to cache a large, mostly static .php file. I open it via ajax and want to add it to the current page.
After some research if found this
$seconds_to_cache = 3600;
$ts = gmdate("D, d M Y H:i:s", time() + $seconds_to_cache) . " GMT";
header("Expires: $ts");
header("Pragma: cache");
header("Cache-Control: max-age=$seconds_to_cache");
This works for IE, but not for chrome and firefox.
Here is the request
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate
Accept-Language de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Cache-Control max-age=0
Connection keep-alive
Content-Type application/x-www-form-urlencoded
Cookie PHPSESSID=5dkvr42f4it8pnnnqpesj6l413
Host localhost
Referer http://localhost/mifa/Suche.php
User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1
charset utf-8
and here the response header
Cache-Control max-age=3600
Connection Keep-Alive
Content-Type text/html
Date Thu, 05 Jul 2012 15:28:22 GMT
Expires Thu, 05 Jul 2012 16:28:22 GMT
Keep-Alive timeout=5, max=91
Pragma cache
Server Apache/2.2.21 (Win32) mod_ssl/2.2.21 OpenSSL/1.0.0e PHP/5.3.8 mod_perl/2.0.4 Perl/v5.10.1
Transfer-Encoding chunked
X-Powered-By PHP/5.3.8
What do i need to change?
EDIT
Apparently, only IE does not append the Cache-Control max-age=0 to the request.
Here is the JS Function of the request
url = "includes/Orte.php";
obj.onreadystatechange = rState;
obj.open("GET", url, true);
obj.setRequestHeader("Pragma", "");
obj.setRequestHeader("Cache-Control", "");
obj.setRequestHeader("charset", "utf-8");
obj.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
obj.setRequestHeader("Connection", "close");
obj.send();
function rState(){
if(obj.readyState == 4){
if (obj.status == 200){
//alert("Response Text Ajax:\n" + obj.responseText + "\nEnd Response Text");
}
}
}
The Cache-Control: max-age=0 header in the request means that you asked your browser to refresh the page, so he just ignores the cache.
Access the page without hitting refresh (e.g. focus the address bar and hit enter) to avoid this.
Also, if the page is on an HTTPS URL, you may have to add public to the Cache-Control header, else some browsers won't cache it.
Two things that come to mind are the last modified header, and using .htaccess cache control. The latter is for broad types but you can use it just for one folder, with that file in a folder by itself.
header("Last-Modified: ... ");
Related
So I have my PHP on a server, and my angular app locally.
for every request I make, I am getting back a different PHP session id in my network tab. Because of this I cannot test my session cookie as it doesn't exist.
When I bundle the app and put it on the server (same server as php files) then the sessionID is the same, So I am only having this issue locally.
I have added the correct CORS on my php file (just above session_start()) and I am sending withCredentials: true with my request, yet the session is always different.
Is there anything I need to look out for?
I am somewhat a PHP novice and more experienced in Angular so any help is appreciated.
Angular post request:
loginSession(form: string) {
const options = {
headers: new HttpHeaders().set('Content-Type', 'application/json; charset=utf-8'),
withCredentials: true
}
return this.httpClient.post<any>(`${this.SERVER}/function.php`, form, options);
}
Response Headers:
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT
access-control-allow-origin: http://localhost:4200
cache-control: no-store, no-cache, must-revalidate
content-type: text/html; charset=UTF-8
date: Wed, 15 Jan 2020 08:44:27 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache
status: 200
vary: Accept-Encoding,User-Agent
x-content-encoding-over-network: gzip
Request Headers:
:authority: mysite.com
:method: POST
:path: /function.php
:scheme: https
accept: application/json, text/plain, */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cache-control: no-cache
content-length: 68
content-type: application/json; charset=UTF-8
cookie: PHPSESSID=93cfc63e3b04eb7bf6f633ae1b11fba7
origin: http://localhost:4200
pragma: no-cache
referer: http://localhost:4200/
sec-fetch-mode: cors
sec-fetch-site: cross-site
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36
Thank you
Possibly your request is not sending cookies with the request. Php requires client side cookies to maintain the session.
Share your code to provide a better answer. But for time being you should made the request with, withCredentials option set to true.
let options = new RequestOptions({ headers: headers, withCredentials: true });
this.http.post(url, data, options)
I'm testing out ZURB foundation which runs on webpack4, babel7 and gulp (as taskrunner). My backend is built with a no-installation, latest XAMPP. I'm running apache from it and my php.
The basis for client/server communication works.
Im using jquery AJAX to call php scripts and push/pull data to/from MariaDB.
Now I want some persistence for my login functionality.
I configured my php.ini so that the session files are located inside /Session folder which resides inside the src/assets folder of my ZURB Foundation project.
Here is a (rather large) excerpt from my php.ini. I included a bit more stuff because as I've learnt here How to configure session.save_path inside php.ini for webpack4 based website?
this might also be about cookies. And Im totally new to all this and Ive never configured any cookie functionality so far so I dont know which one of these settings might be important.
; where MODE is the octal representation of the mode. Note that this
; does not overwrite the process's umask.
; http://php.net/session.save-path
;session.save_path = "\xampp\tmp"
session.save_path = "D:\foundationtests\src\assets\Session"
; Whether to use strict session mode.
; Strict session mode does not accept an uninitialized session ID, and
; regenerates the session ID if the browser sends an uninitialized session ID.
; Strict mode protects applications from session fixation via a session adoption
; vulnerability. It is disabled by default for maximum compatibility, but
; enabling it is encouraged.
; https://wiki.php.net/rfc/strict_sessions
session.use_strict_mode = 0
; Whether to use cookies.
; http://php.net/session.use-cookies
session.use_cookies = 1
; http://php.net/session.cookie-secure
;session.cookie_secure =
; This option forces PHP to fetch and use a cookie for storing and maintaining
; the session id. We encourage this operation as it's very helpful in combating
; session hijacking when not specifying and managing your own session id. It is
; not the be-all and end-all of session hijacking defense, but it's a good start.
; http://php.net/session.use-only-cookies
session.use_only_cookies = 1
; Name of the session (used as cookie name).
; http://php.net/session.name
session.name = PHPSESSID
; Initialize session on request startup.
; http://php.net/session.auto-start
session.auto_start = 0
; Lifetime in seconds of cookie or, if 0, until browser is restarted.
; http://php.net/session.cookie-lifetime
session.cookie_lifetime = 0
; The path for which the cookie is valid.
; http://php.net/session.cookie-path
session.cookie_path = /
; The domain for which the cookie is valid.
; http://php.net/session.cookie-domain
session.cookie_domain =
; Whether or not to add the httpOnly flag to the cookie, which makes it
; inaccessible to browser scripting languages such as JavaScript.
; http://php.net/session.cookie-httponly
session.cookie_httponly =
; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF)
; Current valid values are "Lax" or "Strict"
; https://tools.ietf.org/html/draft-west-first-party-cookies-07
session.cookie_samesite =
; Handler used to serialize data. php is the standard serializer of PHP.
; http://php.net/session.serialize-handler
session.serialize_handler = php
so the current behavior is that session files are created, but not accessed.
I have the following phpExample1:
<?php
session_start();
$_SESSION["id"] = 10;
?>
Then I have phpExample2:
<?php
session_start();
$test = $_SESSION["id"];
echo $test;
?>
In this case I get the following error on my console.log() in the receiving JS code:
<br />
<b>Notice</b>: Undefined index: loggedUserID in <b>D:\foundationtests\src\assets\php\globallyUsedFunctions\retrieveLoggedUserID.php</b> on line <b>4</b><br />
There seems to be an issue that the session file containing the users session data cant be accessed, probably because the session ID was somehow lost/not transmitted. This is also indicated by the fact that phpExample1 actually creates a session file with the respective data, but when I run phpExample2, a new, empty session file is created. This also concurs with the php documentation which says that session_start(); either starts a new session or continues an existing one.
I have no idea which parts of my backend/front-end, webproject or XAMPP I have to lay my hands on to fix this problem. I'm also somehow lost on how to google this ^^
I already looked into php documentation and I also tried echoing session_id() from my phpExample2 after I had executed phpExample1. But I get an empty string to my console.log(), so basically nothing was found, which again fits into the context of session_start() creating new sessions instead of continuing the existing one.
EDIT:
As per request, I post the var_dump() result of $_REQUEST and $_COOKIE here:
array(0) {
}
array(0) {
}
EDIT2:
The response headers from the phpExample1 AJAX:
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 2
Access-Control-Allow-Origin: *
Set-Cookie: io=27GSwfgTRlPYm5-nAAAU; Path=/; HttpOnly
Date: Mon, 26 Aug 2019 09:57:40 GMT
Connection: keep-alive
Okay I think I got the wrong one, THIS one should be right!
HTTP/1.1 200 OK
Date: Mon, 26 Aug 2019 10:09:19 GMT
Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1c PHP/7.3.8
X-Powered-By: PHP/7.3.8
Set-Cookie: PHPSESSID=aaghn2jdh4hgfhlsagoep5lqvr; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
Content-Length: 1
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
EDIT3:
the AJAX headers to phpExample1 look like this:
responseHeader:
HTTP/1.1 200 OK
Date: Mon, 26 Aug 2019 10:38:07 GMT
Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1c PHP/7.3.8
X-Powered-By: PHP/7.3.8
Set-Cookie: PHPSESSID=bu2ggojkrkpqen33kh6r63pd36; path=/; domain=localhost:8099
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
Content-Length: 1
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
requestHeader:
Host: localhost:8099
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 115
Origin: http://localhost:8000
Connection: keep-alive
Referer: http://localhost:8000/login.html
Then, the headers for phpExample2 (the php where the session should be continued and the data written to $_SESSION should be accessed) after phpExample1 had been executed:
responseHeader:
HTTP/1.1 200 OK
Date: Mon, 26 Aug 2019 10:38:09 GMT
Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1c PHP/7.3.8
X-Powered-By: PHP/7.3.8
Set-Cookie: PHPSESSID=3isk6nf8fi2k3n4mfcfmtkv62d; path=/; domain=localhost:8099
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
Content-Length: 367
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
requestHeader:
Host: localhost:8099
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://localhost:8000
Connection: keep-alive
Referer: http://localhost:8000/login.html
Content-Length: 0
Note that for these requests, I had set
session.cookie_domain = localhost:8099
inside my php.ini. I also tried out :8000 for this, but it didnt change anything except ofc for the headers showing a different port.
This is as very odd problem folks.. it effects only chrome, and only pages served in PHP.
I made a page which is just pure html being served with the same assets in the same dir as the handled page just because I was not sure what to do about the situation:
http://www.sublimewellness.ca/store/debug.html
www.sublimewellness.ca/store/
The page works just fine on other browsers but fails on chrome.
You will notice the page does not load on chrome (you can see the white screen and the html dump though).
If you get no response, its probably because magento is a beast and other stack exchange people are hitting it.
Here are the request headers..
GET /store/ HTTP/1.1
Host: www.sublimewellness.ca
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
Cookie: frontend=47oojlnfi9aji3c85e3as98d63
HTTP/1.1 200 OK
Date: Tue, 10 Sep 2013 08:01:43 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: frontend=47oojlnfi9aji3c85e3as98d63; expires=Tue, 10-Sep-2013 09:01:45 GMT; path=/store; domain=www.sublimewellness.ca; httponly
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
What to blame? I dont think its javascript, or the page dump html that is causing a random issue as the html page indicates its not a problem.
I dont think its PHP?
Its clearly not mysql.
Im putting my hands towards some sort of apache header.
I dont really want to just throw out other project specific code unless requested. Please let me know what you feel you need to know or what you would look for first and I will investigate and post what you need.
Should note that on rare occasion the page does load correctly in chrome!
I've created a page that will take css (or javascript) files and output them as one file. I have noticed that Firefox and Internet Explorer will both fail to send the "If-Modified-Since" header at any time when I compress the output using ob_gzhandler:
if(!ob_start("ob_gzhandler")) ob_start();
The initial headers (Host and referrer changed in sample):
Response Headers
Cache-Control public, must-revalidate, maxage=4838400
Connection keep-alive
Content-Encoding gzip
Content-Length 87281
Content-Type text/css; charset: UTF-8
Date Wed, 12 Dec 2012 16:04:32 GMT
Expires Wed, 06 Feb 2013 16:04:32 GMT
Last-Modified Fri, 12 Oct 2012 13:47:18 GMT
Pragma public
Server Apache
Vary Accept-Encoding
X-Cache MISS from localhost
X-Powered-By PHP/5.3.13
Request Headers
Accept text/css,*/*;q=0.1
Accept-Encoding gzip, deflate
Accept-Language en-gb,en;q=0.5
Authorization Basic cmVkZnVzZTpyM2RmdXMz
Cache-Control no-cache
Connection keep-alive
Cookie PHPSESSID=e73355c49f06a059c22d7f02687dc51b
DNT 1
Host example.com
Pragma no-cache
Referer http://example.com/
User-Agent Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0
And the following headers are sent on refresh (Host and referrer changed in sample):
Response Headers
Cache-Control public, must-revalidate, maxage=4838400
Connection keep-alive
Content-Encoding gzip
Content-Length 87245
Content-Type text/css; charset: UTF-8
Date Wed, 12 Dec 2012 16:09:11 GMT
Expires Wed, 06 Feb 2013 16:09:11 GMT
Last-Modified Fri, 12 Oct 2012 13:47:18 GMT
Pragma public
Server Apache
Vary Accept-Encoding
X-Cache MISS from localhost
X-Powered-By PHP/5.3.13
Request Headers
Accept text/css,*/*;q=0.1
Accept-Encoding gzip, deflate
Accept-Language en-gb,en;q=0.5
Authorization Basic cmVkZnVzZTpyM2RmdXMz
Cache-Control max-age=0
Connection keep-alive
Cookie PHPSESSID=e73355c49f06a059c22d7f02687dc51b
DNT 1
Host example.com
Referer example.com
User-Agent Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0
If I switch from using ob_gzhandler to a standard ob_start() then it works fine and returns a 304 as expected on the second load.
Another issue that I think is related is that when viewing from an android device, the css doesn't get applied for either the stock browser or for Dolphin Browser, but is fine for Firefox for Android. This is also resolved by disabling the ob_gzhandler
The problem sounds like this:
The log-in using sessions works perfect on my localhost, but when the EXACTLY same files are uploaded to my host (hostgator), the sessions don't or, or they get messed up. Also the log-out feature doesn't work on the host.
I've checked and every page has the session_start(); inside it.
The session is not destroyed, even if my logout.php looks like this:
<?php
session_start();
$_SESSION = array();
session_unset();
session_destroy();
header("location:index.php");
exit();
?>
Any suggestions?
I noticed on Firefox with Firebug that your pages are all cached . Your session is working fine, but your page are cached, making login and logout quite (messed up).
Disable HTTP caching for your dynamic pages.
See Firebug output:
Response Headers
HTTP/1.1 304 Not Modified
Date: Thu, 14 Oct 2010 13:16:50 GMT
Server: Apache mod_fcgid/2.3.5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Expires: Thu, 14 Oct 2010 16:16:50 GMT
Cache-Control: public, max-age=10800
Request Headers
GET / HTTP/1.1
Host: www.piataterenuri.info
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: PHPSESSID=55aea3f792334052dc673f85feb0b54a
If-Modified-Since: Wed, 13 Oct 2010 13:47:53 GMT
Cache-Control: max-age=0
PHP manual has already an example on how to disable caching:
http://php.net/manual/en/function.header.php
<?php
header("Cache-Control: no-cache, must-revalidate");
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
?>