#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2003
    Location
    Switzerland
    Posts
    11
    Rep Power
    0

    Clearing Browser cache


    If I look at some of the authentication security setups I've seen, (generally session variables, go back to the database and check if this user has appropriate permissions), I've run into something in testing that bothers me, but I'm not sure if I can do anything about it.

    If I login with a high security clearance user, look at some pages requiring that security, then logoff, then login as a low security clearance user, the browser caches the high security page and will show it to the new user. If that user hits the refresh button, the system comes to its senses and refuses to output the page, so I'm assuming (big leap here) that the page was actually generated by the browser cache. (I'm not letting apache cache any pages).

    Am I missing something obvious or is there some way to clear the browser cache when the high security clearance user logs off?
  2. #2
  3. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2003
    Location
    Switzerland
    Posts
    11
    Rep Power
    0

    Never Mind


    A proper search would have revealed:

    header("Cache-control:no-cache, must revalidate");
    header("Pragma:no-cache");

    as the very first things sent. I accidently was sending a couple of characters prior to the headers.

IMN logo majestic logo threadwatch logo seochat tools logo