page expired

nogeekyet

Does anybody know how I can let a page "expire" so that when the user clicks the browser "back" button the page cannot be displayed anymore? Session cookies don't work for this.

sneakyimp

sessions could work for this, but I'm not sure this is what you want to do.

suppose that you want to create a page that, once left, it will have 'expired'. The trick is in some other page (we will call it other.php) you set a session value:

// other.php
session_start();
$_SESSION['ok_to_visit'] = TRUE;

then in the expiring page, called 'expires.php,' you can check that value and if it's not been set then you fail. if it has been set, clear it so the next visit will fail.

// expires.php

session_start(); // must start the session first!

if ($_SESSION['ok_to_visit'] !== TRUE) {
  die('this page has expired');
} else {
  unset($_SESSION['ok_to_visit'] );
}

//put your page content here.

bradgrafelman

Sounds like it'd be easier to just use the "Expires" HTTP header.

sneakyimp

It wasn't really clear what nogeekyet was after. You may send the 'expires' header but depending on the PHP contained inside, the PHP may render all over again and send the exact same output. As I understand it, the expires header merely gives you control over the browser's cache behavior. It wouldn't necessarily say 'the page cannot be displayed' would it?

bradgrafelman

sneakyimp;10943711 wrote:
It wouldn't necessarily say 'the page cannot be displayed' would it?

It could, or it could say something totally different - depends on the browser.

sneakyimp

I tried testing this and it doesn't seem to work for me. I'm not very experienced with sending headers so maybe I'm missing something. I created this file on my dev server (192.168.1.xxx) which is running MAMP:

<?php
// Sun, 06 Nov 1994 08:49:37 GMT
$exp = date('D, d M Y H:i:s');
header('Expires:' . $exp);
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>expires test</title>
</head>
<body>
This document expires: <?=$exp ?><br>
<a href="page2.php">Page 2 Link</a>
</body>
</html>

page 2 is just some trivial php page. I visit the page and this is the output:

This document expires: Mon, 22 Feb 2010 17:20:23
Page 2 Link

I click the page 2 link and then click the back button and the information is identical. The date has not changed one second.

bradgrafelman

For one, this might not be easily possible. Here's a quote from the HTTP spec:

History mechanisms and caches are different. In particular history mechanisms
SHOULD NOT try to show a semantically transparent view of the current state
of a resource. Rather, a history mechanism is meant to show exactly what
the user saw at the time when the resource was retrieve

In other words, if browsers strictly followed the W3C spec, then what you're asking shouldn't be possible. But since they don't, it probably is.

Try some of these headers too:

$date = date('D, d M Y H:i:s \\G\\M\\T');
header('Pragma: no-cache');
header('Cache-Control: no-cache');
header("Expires: $date");
header("Date: $date");

sneakyimp

I tried your approach, but used 'e' insted of GMT for the timezone which correctly reports America/Los Angeles.

Clicking the back button still shows what I viewed the first time -- the timestamp is identical. I'm using firefox on WinXP. It makes sense that Firefox would have a 'history mechanism' that adheres to the W3C spec and "show exactly what the user saw at the time when the resource was retrieved." Opera also works this way.

In IE 8, the back button reveals an updated timestamp. It makes sense the IE doesn't adhere to the W3C spec and shows an updated/re-evaluated version of the page.

Safari also updates the timestamp. It also kind of makes sense that apple flouts the recommended behavior, given the way they seem to be behaving these days.

Still not sure what the original poster was after...

bradgrafelman

sneakyimp;10943730 wrote:
I tried your approach, but used 'e' insted of GMT for the timezone which correctly reports America/Los Angeles.

You can't use 'America/Los Angeles' as a time zone. It has to follow this format:

zone        =  "UT"  / "GMT"                ; Universal Time
                                            ; North American : UT
            /  "EST" / "EDT"                ;  Eastern:  - 5/ - 4
            /  "CST" / "CDT"                ;  Central:  - 6/ - 5
            /  "MST" / "MDT"                ;  Mountain: - 7/ - 6
            /  "PST" / "PDT"                ;  Pacific:  - 8/ - 7
            /  1ALPHA                       ; Military: Z = UT;
                                            ;  A:-1; (J not used)
                                            ;  M:-12; N:+1; Y:+12
            / ( ("+" / "-") 4DIGIT )        ; Local differential
                                            ;  hours+min. (HHMM)

If that doesn't work.. not sure what to suggest. Like I said, the standard states that it's not supposed to be possible, so perhaps it isn't unless you use some sort of kludge such as submitting a form or something like that.

sneakyimp

Ahh...ok i changed 'e' to 'T':

<?php
// Sun, 06 Nov 1994 08:49:37 GMT
$date = date('D, d M Y H:i:s T');
header('Pragma: no-cache');
header('Cache-Control: no-cache');
header("Expires: $date");
header("Date: $date"); 
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>expires test</title>
</head>
<body>
This document expires: <?=$date ?><br>
<a href="page2.php">Page 2 Link</a>
</body>
</html>

which outputs this date format:

Mon, 22 Feb 2010 19:09:40 PST

The behavior is still the same -- which tends to jibe with your quote from the HTTP spec.

This approach does seem to do what i think he wants. start with page 0:

<?php
session_start();
$_SESSION['ok_to_visit'] = TRUE;
?>
<a href="page1.php">page 1</a>

click that link and go to page 1:

<?php

// expires.php

session_start(); // must start the session first!

if (!isset($_SESSION['ok_to_visit']) || ($_SESSION['ok_to_visit'] !== TRUE)) {
  die('this page has expired');
} else {
  unset($_SESSION['ok_to_visit'] );
}

?>
HERE IS THE PAGE CONTENT<br>
<a href="page2.php">page 2</a>

click that link and go to page 2, whose content is irrelevant, then click the back button. i get:

this page has expired

Which, given the results of this discussion so far, is kind of a mystery to me.

nogeekyet

Sorry folks, I did not mean to ignore your help. My cold simply got the better of me.

The problem is that when the user clicks the browser back button, the page is NOT reloaded. It comes out of cache, doesn't it? Hence, the code of checking the session cookie will not be executed again. That's history. Right or wrong? Now if the user were to "refresh", it would be a different story. Will somebody set me straight?

sneakyimp

Try this first recommendation I made, using session. it seems to work i think, but you need to be very concise about what you want to happen.