10 Replies - 5371 Views - Last Post: 11 August 2007 - 12:02 PM Rate Topic: -----

#1 michaelcbrook  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 4
  • Joined: 26-July 07

Clearing cache without using header

Posted 26 July 2007 - 02:46 AM

Hi,

I have one of those questions that can either be extremely complicated or extremely easy, depending on the approach. To start off, I am creating a feature on my website that requires the user to create an account and login to access it. Once the user is logged in, they stay logged in because a cookie is saved, which tells the site to display different things and give them access to their account based on the cookie's information. Like most websites that have you create an account, there are two main pages: the main log in and sign up page, and in this case the "song manager," which is the page that can only be accessed after the user logs in. Right now, the user is able to log in and log out perfectly fine by just creating a cookie and then deleting it, but the problem is that, after the user logs out, they are still able to access their account on the "song manager" page if they just go to the URL of that page, which is a BIG no no. But once I hit the refresh button, it correctly locks me out, so it is obviously a cache problem. In an attempt to fix it, I have already tried a couple of approaches.

First approach:

<?php
Header("Cache-control: private, no-cache");
Header("Expires: Mon, 26 Jun 1997 05:00:00 GMT");
Header("Pragma: no-cache");
header ("Last-Modified: " . gmdate ("D, d M Y H:i:s") . " GMT");
?>


This fixes the main problem, however, in the "song manager" I have buttons that process a form through another php page, which then includes the "song manager" page through a code like:

<?php
include "songmanager.php";
?>


The problem there is that, when I submit a form from the "song manager" page to the processing page, it submits successfully, but I also get errors that say:

Warning: Cannot add header information - headers already sent by (output started at /www/cgi/testchange.php:76) in /www/cgi/songmanager.php on line 6

I know this is because the "song manager" page is trying to add headers within testchange.php, but it can't, so I can't go with the "header(..."


Second approach:

Since the error was corrected when I hit the refresh button, I also tried making the page refresh once automatically when the page loaded. It's not exactly the smoothest way to handle it, but it was worth a try. My code looked something like this:

<?php
if (empty($_COOKIE['refreshed']))
{
   setcookie('refreshed', 1);
   header("Refresh: 0; url=testlogin.php");
}
else
{
   setcookie('refreshed','',time()-3600);
}
?>


That was basically the method I used to refresh, but even with this method, it still came down to a cache problem.

So, to make a long story short, is there a way to clear the cache without using the php "header" in order to avoid the errors when the page is included in another page? If not, is there any way to fix this problem so that it actually keeps you out of the "song manager" when you log out?

Perhaps another method that I haven't tried is generating a random number and passing it through the URL every time the page is loaded to trick the computer into thinking it's a different page, but I'm afraid that people will be able to go back and load the page with a previous random number value, which will load the saved cache and mess it all up!


Thanks for any help.

Is This A Good Question/Topic? 0
  • +

Replies To: Clearing cache without using header

#2 michaelcbrook  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 4
  • Joined: 26-July 07

Re: Clearing cache without using header

Posted 27 July 2007 - 01:02 AM

Ok, I know I posted this just recently, but I just tried something that seems to work. If I use ajax in place of all the include() functions in my pages that include the main "song manager" page, I don't get the errors when I clear the cache through the PHP headers in all the pages because ajax is not calling the page through PHP. It seems to work fine so far, but does anyone know if there are any conflicts between PHP and ajax that I should know about?
Was This Post Helpful? 0
  • +
  • -

#3 Styx  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 5
  • View blog
  • Posts: 192
  • Joined: 04-March 07

Re: Clearing cache without using header

Posted 04 August 2007 - 11:30 AM

As far as I know, there's no conflicts.

The 'headers already sent' message can be averted if you use buffer functions such as with ob_start and ob_end_flush.

I'm not sure how you implement your login system, but a cache problem is kind of rare. It's usually something with the code. Make sure the logout page redirects somewhere like the login page. Also be sure to double check the authentication code for your private pages. If you can still change settings and whatnot, it's most probably a code problem.

See if you can get a cookie viewer such as some offered by Firefox to see if the cookies are being deleted properly. As well, it might be preferable to look into using sessions if you don't use them already, since cookies by themselves don't offer as much security.
Was This Post Helpful? 0
  • +
  • -

#4 michaelcbrook  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 4
  • Joined: 26-July 07

Re: Clearing cache without using header

Posted 04 August 2007 - 11:48 PM

Since I started using ajax, the cache problem seems to stay away, so I think I'll stick with it for now, but I will probably research buffer functions a little more. As for using sessions, I started experimenting with them but had a difficult time figuring out how to control them. Can I have sessions remember a user for a specified amount of time like a cookie? And will the user still be remembered if they restart their computer? I also read that sessions are saved until the user closes his or her browser window, but this did not work for me when I tried it. What can I do or not do with a session, in comparison with a cookie?
Was This Post Helpful? 0
  • +
  • -

#5 PsychoCoder  Icon User is offline

  • Google.Sucks.Init(true);
  • member icon

Reputation: 1642
  • View blog
  • Posts: 19,853
  • Joined: 26-July 07

Re: Clearing cache without using header

Posted 05 August 2007 - 12:59 AM

To do this with sessions is fairly simple. First you create a page (mine is called login_check.php)

<;?php
// login_check.php

function is_logged_in () {
  if (!($_SESSION["id"]) || ($_SESSION["id"] == "")) {
	Header("Location: ./login.php");
	exit();
  }
}
function check_login ($forms) {
  $error = "";
  $username = $forms["username"];
  $password = $forms["password"];
  if (trim($username) == "") $error .= "<li>Your username is empty.</li>";
  if (trim($password) == "") $error .= "<li>Your password is empty.</li>";
  /* from here, do your sql query to query the database to search for existing 
	 record with correct username and password */
  if (trim($error)!="") return $error;
}

function set_session_value ($forms) {
  $username = $forms["username"];
  $password = $forms["password"];
  /* do your sql query again, but now returning the id of member */
  return $id;
}
?> 



Then your login page (yours will be more extravagant than this, I just created a simple, fast one)

<?php
// login.php
session_start();
include ("login_check.php");
if ($_POST) {
  $error = check_login($_POST);
  if (trim($error)=="") {
	$_SESSION["id"] = set_session_value($_POST);
	Header("Location: ./index.php") // Redirect validated member
	exit();
  } else {
	print "Error:$error";
  }
}
>
<form method="post">
Username : <input type="text" name="username"><br />
Password : <input type="password" name="password"><br />
<input type="submit" value="Login">
</form>



Then just add this to every page that must be secured

<?php
  // index.php
  include("login_check.php");
  session_start();
  is_logged_in();
?>



To end a session you can do it one of 2 ways (shown below)

//option 1
unset($_SESSION["id"]);

//option 2
session_destroy



Just use one of the above samples for ending a session when the user clicks the logout link.

Hope this helps :)

Happy Coding!

This post has been edited by PsychoCoder: 05 August 2007 - 01:02 AM

Was This Post Helpful? 0
  • +
  • -

#6 michaelcbrook  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 4
  • Joined: 26-July 07

Re: Clearing cache without using header

Posted 07 August 2007 - 05:13 PM

Yes, that helps a lot. Thanks. It looks a little different from what I'm used to, but now at least I have something to work with :D
Was This Post Helpful? 0
  • +
  • -

#7 Styx  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 5
  • View blog
  • Posts: 192
  • Joined: 04-March 07

Re: Clearing cache without using header

Posted 11 August 2007 - 11:40 AM

You shouldn't supply code until the they've shown some effort in the area of their question.

You can read all about sessions at php.net/sessions and related pages on google

You can also read about changing settings like cookie lifetime at php.net/session_set_cookie_params

This post has been edited by Styx: 11 August 2007 - 11:40 AM

Was This Post Helpful? 0
  • +
  • -

#8 PsychoCoder  Icon User is offline

  • Google.Sucks.Init(true);
  • member icon

Reputation: 1642
  • View blog
  • Posts: 19,853
  • Joined: 26-July 07

Re: Clearing cache without using header

Posted 11 August 2007 - 11:43 AM

View PostStyx, on 11 Aug, 2007 - 11:40 AM, said:

You shouldn't supply code until the they've shown some effort in the area of their question.


Actually if you look at his first post in this thread he did supply some code, and explained very well what his problem was and what he had attempted in order to fix his issue. I merely pushed him in the right direction.

Had I felt he was just looking for a quick answer, and hadn't done anything to research and solve the problem I wouldn't have supplied any code

P.S: I know the rules of the forum :)

This post has been edited by PsychoCoder: 11 August 2007 - 11:44 AM

Was This Post Helpful? 0
  • +
  • -

#9 Styx  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 5
  • View blog
  • Posts: 192
  • Joined: 04-March 07

Re: Clearing cache without using header

Posted 11 August 2007 - 11:49 AM

He didn't supply code concerning sessions though. You went ahead and wrote most of that for him.
Was This Post Helpful? 0
  • +
  • -

#10 PsychoCoder  Icon User is offline

  • Google.Sucks.Init(true);
  • member icon

Reputation: 1642
  • View blog
  • Posts: 19,853
  • Joined: 26-July 07

Re: Clearing cache without using header

Posted 11 August 2007 - 11:53 AM

I chose to do it to show him an alternative way of doing something. He didn't ask for code in his post, in fact my suggestion was completely different than what he was trying (he was trying cookies and I showed him that working with sessions was probably better for what he wanted).

He was looking for help with a specific error he was receiving in his attempt to use cookies, I felt it necessary to show him what I felt was a better way to do things. Its called giving back to the programming community, its called giving back what was freely given to me when I started programming, and I personally don't have or see a problem with that :)

P.S: Your concerns and suggestions have been noted :)
Was This Post Helpful? 0
  • +
  • -

#11 Styx  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 5
  • View blog
  • Posts: 192
  • Joined: 04-March 07

Re: Clearing cache without using header

Posted 11 August 2007 - 12:02 PM

A simple link to the php.net sessions page or a tutorial would have been sufficient rather than holding his hand and taking him through the thing.

But nevermind, it's not something worth arguing over :)
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1