Posted by Chris Shiflett on 10/21/03 11:33

Hi Peter,

> When I begin session with session_start() PHP sets an Expired-header.
> I suppose that's fine for the sake of unwanted caching.
>
> Unfortunately, Firefox seem to reload a page that's expired when using
> the browser's "Back" navigation instead of showing the page as it was
> as the user left it.

You might find this article helpful:

http://shiflett.org/articles/guru-speak-nov2004

I suspect that Firefox's behavior is based on their interpretation of
the HTTP specification. If you read section 14.9.2 of RFC 2616, you'll
see the following statement about the no-store directive:

"If sent in a response, a cache MUST NOT store any part of either this
response or the request that elicited it. This directive applies to both
non-shared and shared caches."

A browser's history mechanism relies on a non-shared cache, the
browser's cache. If a browser isn't allowed to store the resource, it
can't redisplay the resource without sending another request.

There's another relevant section of the RFC, section 13.13:

"History mechanisms and caches are different. In particular history
mechanisms SHOULD NOT try to show a semantically transparent view of the
current state of a resource. Rather, a history mechanism is meant to
show exactly what the user saw at the time when the resource was retrieved."

This seems to conflict with the earlier statement, and I think this is
the reason for the inconsistent implementations in the industry. This
particular statement attempts to distinguish between the history
mechanism and caches, a distinction that doesn't naturally exist.

I don't really fault Firefox for abiding by the no-store directive, nor
do I fault Internet Explorer for ignoring it.

Hope that helps.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/

[Back to original message]