Warning: Page has Expired

Anon

Hello:
I hope someone can help me out with this one. I have a php page that query's a MySQL database and populates the page with content from the database. The content contains a form for submitting data to the database. When the form posts its posts to itself $PHP_SELF.
When I fill out the information and post. The data is submitted to the database and the page is refreshed with some new content from the database.
Now if I go to another page and click the browsers back button to come back I get the following from the brower:

Warning: Page has Expired The page you requested was created using information you submitted in a form. This page is no longer available. As a security precaution, Internet Explorer does not automatically resubmit your information for you.

To resubmit your information and view this Web page, click the Refresh button.

I have the following at the top of the page to prevent caching:

header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");

Does anyone know what I can do to avoid this?

Thanks,
Troy

Anon

You are using no cache. That means the browser won't keep history pages for the forms that you submitted. and hence it gives that warning.

Anyways, I get the same problem if I use session_start() and come back to a page containing a form. I haven't got a fix yet.

Praveen

Anon

Use "GET" in forms instead of "POST" unless the information is vital. It solved my problem. (I guess so!!!)

praveen

Anon

Thanks for the info. I don't know why I didn't think of using the GET method. I guess I am so used to always using POST I forget that GET is available. That seemed to take care of my problem.

Thanks,
Troy

Anon

I have the same problem using in the same php pages:
1) post method
2) session_start();

Cannot use the get method because it shows sensitive information( e.g password).

No problem when I do not use session_start with POST.

Any way around?

Thanks,

Alejandro

Troy Oldroyd wrote:

Thanks for the info. I don't know why I didn't think of using the GET method. I guess I am so used to always using POST I forget that GET is available. That seemed to take care of my problem.

Thanks,
Troy

Anon

Hi,

If you use sensitive information, it is always advisible not to use Javascript:history.back().

A password field will never show you the information entered if you use the back button or javascript:history.back() whether session is started or not.

Anyways, I think there may be a solution for your problem, though I have not tried.

First, before starting the session, send a header like the following:
header("Cache-Control: no-cache, must-revalidate");
This will ensure that the page will reload every time user presses the back button or clicks on the javascript:history.back() button. Then you can start your session and the page content.

I think this should work. If it does, please reply me, 'cause I may want to use it some other time!!!

Bye
Praveen

Anon

Did you get this to work? I'm working on the same problem and need a solution.

Anon

Nope..
I found that this problem occurs when you use caching control like the first post, and when you use session_start. I don't know of any solution and have not found a work around.

Sorry,
Troy

Anon

The solution, if you're using PHP sessions, is to go into the php.ini file and change session.cache_limiter to have no value, like this:

session.cache_limiter = ;

If you do that, you get to use POST, you get to use the back button without worrying about "page expired" warnings, and you get fresh data -- your pages always show the newest data.

If you need to know what the session.cache_limiter does when it is blanked out, basically, it returns control of the cache to the browser and says, "use your best judgement." And the browsers seem to have pretty good judgement. It fixes all the problems mentioned in this thread.

parangariticuni

Thnx Anthony... that was the solution I was looking for.. it worked!!

Anon

Just want to say "cool, but waht if i have mulitple sites on on ehost. How do I set this up for only one site?

Anon

Hi,

Here's the complete solution.

Php seems to send the Cache-Control header after it sends the session cookie and before the content-type header. So inorder for user defined Cache-control header to work, the header must be send AFTER the session_start function has been called with no value like this:

session_start();
header("Cache-Control: ");
header("pragma: ");

Apparantly, when php starts a session, it also sets the Cache-Control header to the default value set in the php-ini, and also the pragma header, and if a Cache-control header is set by the user before the session_start function call, it will be overwritten by the new value.

Since we are not setting any value to the headers after we call the session_start function (as shown above), the headers are overwritten with a new blank value and hence the Cache-Control header and the pragma header are not at all sent.

Since the Cache-Control and the Pragma headers (I do not exactly know the use of pragma, but I'm including it here because after session_start function call php seems to set the pragma header value to "no-chache". In my case, it worked even if did not set the pragma directive.) are not sent, the browser takes its own decision as rightly said by Anthony, and hence this works.

Praveen

Anon

Doesn't seem to work on Netscape. Working on it... will reply as soon as find a solution.

Anon

http://support.microsoft.com/support/kb/articles/Q183/7/63.ASP

Anon

I am using the same model as you outline in the previous post. However I have a lot of things that I need to use in every file.

I wanted to add the following to an include file I include in every php page of mine at the top, but the session_start() command seems like it HAS to be on each page, and can not be included.

Are there any work arrounds for that? (Except heavy copy pasting)

session_start();
header("Cache-Control: ");
header("pragma: ");

Jesper.

Anon

session_start() perfectly works with include function. I've written hundreds of pages that required session with one single session managing script included at the beginning of each page.

For example, I have a large portion of the portal where only registered users can enter. I wrote a script and asked fellow programmers to include the same script whenever they need authenticated users for their pages. It worked very well. They were not required to bother about the session at all.

If you could let me know your situation, I could help.

Praveen

Anon

I tried adding the following to the top of my file as you described:

<?php
session_start();
header("Cache-Control: ");
header("pragma: ");
?>

then I use the following link:

<a href="show_homepage.php?band_name=<?=rawurlencode($band_name_array[$i])?>&booking_name=<?=rawurlencode($booking_name);?>&band_genre2=<?=rawurlencode($band_genre);?>">Tjek dem</a>

I find that it gives me a page expired error when I push the back button after having opened the link.

if I on the other hand uses this:
<?php
//session_start();
header("Cache-Control: ");
header("pragma: ");
?>

I do not get the session expired error. My conclusion so far is that session_start is causing the browser to ask for a refresh, and it is ignoring the 2 header orders.

What to do?

Jesper Risager.

Anon

Ok I found the solution to my own problem:

<?php
ini_set("session.cache_limiter","");
session_start();
?>

This is enough to remove all page expired errors from my code.

What it does is the following:

ini_set enables me to set variables in the ini file on the php server (which I do not have acces to otherwise). I then set session.cache_limiter to an empty value, which enables the browser to use it's own caching methods which it is pretty good at, and thus no more page expired.

I hope this will be to help for others as well.

sincearly Jesper Risager.

Jesper Risager wrote:

I tried adding the following to the top of my file as you described:

<?php
session_start();
header("Cache-Control: ");
header("pragma: ");
?>

then I use the following link:

<a href="show_homepage.php?band_name=<?=rawurlencode($band_name_array[$i])?>&booking_name=<?=rawurlencode($booking_name);?>&band_genre2=<?=rawurlencode($band_genre);?>">Tjek dem</a>

I find that it gives me a page expired error when I push the back button after having opened the link.

if I on the other hand uses this:
<?php
//session_start();
header("Cache-Control: ");
header("pragma: ");
?>

I do not get the session expired error. My conclusion so far is that session_start is causing the browser to ask for a refresh, and it is ignoring the 2 header orders.

What to do?

Jesper Risager.

Anon

I have listed the complete header sent by the server with php4, along with their respective scripts.

Here is an interesting observation.

I think actually there are two headers browsers check for displaying the session expired message. One is the "Cache-Control:" and other is the "Expires:".

When a session is started, a cookie is sent and also the Expires header. My server sends a Expires header having a date which is earlier than the current date. (see script 2 given below and the headers).

session.cache_limiter does exactly this, it does not send the three headers namely Cache-control, Expires and pragma if set to null as you did rightly.

This can also be achieved by using the 3rd script given below. Here, headers will still be sent, but with empty values.

You may use your technique which is shorter than my workaround.

1.
<?php
//session_start();
header("Cache-Control: ");
header("pragma: ");
?>

HTTP/1.1 200 OK
Date: Fri, 24 Aug 2001 06:29:27 GMT
Server: Apache/1.3.19 (Unix) (Red-Hat/Linux) mod_ssl/2.8.1 OpenSSL/0.9.6 DAV/1.0.2 PHP/4.0.4pl1 mod_perl/1.24_01
X-Powered-By: PHP/4.0.4pl1
Cache-Control:
pragma:
Connection: close
Content-Type: text/html

2.
<?php
session_start();
header("Cache-Control: ");
header("pragma: ");
?>

HTTP/1.1 200 OK
Date: Fri, 24 Aug 2001 06:27:06 GMT
Server: Apache/1.3.19 (Unix) (Red-Hat/Linux) mod_ssl/2.8.1 OpenSSL/0.9.6 DAV/1.0.2 PHP/4.0.4pl1 mod_perl/1.24_01
X-Powered-By: PHP/4.0.4pl1
Set-Cookie: PHPSESSID=91184a56bb5d260fbb0aa912795cc90b; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control:
Pragma:
Connection: close
Content-Type: text/html

3.
<?php
session_start();
header("Cache-Control: ");
header("Expires: ");
header("pragma: ");
?>

HTTP/1.1 200 OK
Date: Fri, 24 Aug 2001 06:27:38 GMT
Server: Apache/1.3.19 (Unix) (Red-Hat/Linux) mod_ssl/2.8.1 OpenSSL/0.9.6 DAV/1.0.2 PHP/4.0.4pl1 mod_perl/1.24_01
X-Powered-By: PHP/4.0.4pl1
Set-Cookie: PHPSESSID=949523cb30eef497407e0cf29bfbd2f3; path=/
Expires:
Cache-Control:
Pragma:
Connection: close
Content-Type: text/html

4.
<?php
ini_set("session.cache_limiter","");
session_start();
?>

HTTP/1.1 200 OK
Date: Fri, 24 Aug 2001 06:27:15 GMT
Server: Apache/1.3.19 (Unix) (Red-Hat/Linux) mod_ssl/2.8.1 OpenSSL/0.9.6 DAV/1.0.2 PHP/4.0.4pl1 mod_perl/1.24_01
X-Powered-By: PHP/4.0.4pl1
Set-Cookie: PHPSESSID=563c02bb37810f7a1a2c8e7cc2c9a782; path=/
Connection: close
Content-Type: text/html

Anon

This error is an IE problem and perhaps an IIS problem. But I see most are using Apache.

The problems I have with the warning page cannot be replicated in Netscape.

Microsoft have the help page but specifies it is only an IE 4.0/01 problems this is bollocks I have 5.5 installed and still get this error.

So there is no real answer for this except the one that comes from Microsoft I have tried setting my cache status in the php.ini file but this does not work either.

If anyone has any other ideas then please post anything to get rid of this annoyance.