On Wednesday 21 February 2001 18:13, Janet Valade wrote:

> Previously on this list, there have been questions about the Warning:
> page has expired problem. When you submit a form, then press the back
> button, you get this message and have to press refresh before the page
> will redisplay.
>
> I have discovered that if you use the following header command, the
> problem does not occur.
>
>  header("Cache-Control: public");
>
> The back button takes you back to the form, without a warning message,
> and the form redisplays with the info you entered. Does anyone know a
> reason that the above header should not be used? Does it cause some
> sort of problem that I should be aware of?

Yes. It allows cache proxies to cache the page. That means e.g. if Joe X 
(using ISP Y) fetches that page, *all* users of ISP Y will get the same 
page afterwards (including all his private data).
Well, in practice proxies won't cache results of POST queries, but it's 
still a big security hole (never trust programs you don't admin yourself).

-- 
Christian Reiniger
LGDC Webmaster (http://sunsite.dk/lgdc/)

I saw God --------- and she was black.

--
PHP General Mailing List (http://www.php.net/)
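
As an added example (not part of the thread): a small Python check of whether a response's caching headers let a shared cache, such as an ISP proxy, store the page, following the HTTP caching rules in RFC 9111. It assumes a GET response with a status that is cacheable by default; the function names, the `per_user` flag and the sample header values are constructed for illustration.

```python
import re

# One Cache-Control directive: name, optionally =token or ="quoted string".
_DIRECTIVE = re.compile(r'([A-Za-z0-9_-]+)\s*(?:=\s*("[^"]*"|[^,\s]*))?')

def parse_cache_control(value):
    """Return {directive: argument or None}; directive names are lower-cased."""
    return {m.group(1).lower(): (m.group(2) or "").strip('"') or None
            for m in _DIRECTIVE.finditer(value or "")}

def shared_cache_verdict(cache_control, has_expires=False):
    """Classify what a shared (proxy) cache may do with the response."""
    d = parse_cache_control(cache_control)
    # Unqualified "private" or "no-store" forbid storage by a shared cache.
    if "no-store" in d or ("private" in d and d["private"] is None):
        return "blocked"
    # Unqualified "no-cache": may be stored, but never reused without
    # asking the origin server first.
    if "no-cache" in d and d["no-cache"] is None:
        return "revalidate"
    # Explicit permission or explicit freshness information.
    if "public" in d or "s-maxage" in d or "max-age" in d or has_expires:
        return "storable"
    # Nothing explicit: a cache may still apply heuristic freshness.
    return "heuristic"

def audit(response_headers, per_user):
    """response_headers: dict with lower-case names. Returns a finding or None."""
    verdict = shared_cache_verdict(response_headers.get("cache-control"),
                                   "expires" in response_headers)
    if per_user and verdict in ("storable", "heuristic"):
        return "per-user response is %s by shared caches" % verdict
    return None

if __name__ == "__main__":
    # Constructed sample responses for a page that echoes a user's form data.
    samples = [
        {"cache-control": "public"},              # the header from the thread
        {"cache-control": "private, max-age=0"},  # browser cache only
        {"cache-control": "no-store"},            # no cache at all
        {},                                       # no caching headers sent
    ]
    for headers in samples:
        print(headers, "->", audit(headers, per_user=True) or "ok")
```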