session_cache_limiter

    (PHP 4 >= 4.0.3, PHP 5, PHP 7, PHP 8)

    session_cache_limiterLit et/ou modifie le limiteur de cache de session

    Description

    session_cache_limiter(?string $value = null): string|false

    session_cache_limiter() retourne la configuration courante du limiteur de cache.

    Le limiteur de cache contrôle les en-têtes HTTP envoyés au client. Certains en-têtes déterminent les règles de mise en cache de la page sur le navigateur. En configurant ce limiteur à nocache, par exemple, le navigateur ne mettra pas la page dans son cache. La valeur public, au contraire, permettra le cache. La valeur private désactive le cache pour le proxy et autorise le client à mettre en cache le contenu.

    En mode private, l'en-tête Expire envoyé au client peut poser des problèmes à certains navigateurs, comme, notamment, Mozilla. Vous pouvez éviter ce problème avec le mode private_no_expire. L'en-tête Expire n'est jamais envoyé au navigateur pour ce mode.

    Le fait de définir le limiteur de cache à la valeur '' désactivera automatiquement et totalement l'envoi des en-têtes de cache.

    Le limiteur de cache est remis à la valeur par défaut de session.cache_limiter à chaque démarrage de script PHP. Donc, vous devrez appeler session_cache_limiter() à chaque page, et avant session_start().

    Liste de paramètres

    value

    Si value est fourni et non null, le limiteur de cache est reconfiguré avec cette valeur.

    Valeurs possibles
    Valeurs Entêtes envoyés
    public 
    Expires: (Quelque chose dans le futur, suivant session.cache_expire)
Cache-Control: public, max-age=(Quelque chose dans le futur, suivant session.cache_expire)
Last-Modified: (le timestamp correspondant à la dernière sauvegarde de la session)
    private_no_expire 
    Cache-Control: private, max-age=(session.cache_expire dans le futur)
Last-Modified: (le timestamp correspondant à la dernière sauvegarde de la session)
    private 
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, max-age=(session.cache_expire dans le futur)
Last-Modified: (le timestamp correspondant à la dernière sauvegarde de la session)
    nocache 
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache

    Valeurs de retour

    Retourne le nom du limiteur de cache courant. En cas d'échec, false est retourné.

    Historique

    Version Description
    8.0.0 value est désormais nullable.

    Exemples

    Exemple #1 Exemple avec session_cache_limiter()

    <?php

    /* configure le limiteur de cache à 'private' */

    session_cache_limiter('private');
    $cache_limiter = session_cache_limiter();

    echo     "Le limiteur de cache vaut maintenant $cache_limiter<br />";
    ?>

    Found A Problem?

    Learn How To Improve This PageSubmit a Pull RequestReport a Bug
    add a note

    User Contributed Notes 24 notes

    up
    11
    clay at killersoft dot com
    17 years ago
    The actual headers that are set using the values described above are:

    public:
    Expires: pageload + 3 hours
    Cache-Control: public, max-age=10800

    private:
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: private, max-age=10800, pre-check=10800

    nocache:
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache

    private_no_expire:
    Cache-Control: private, max-age=10800, pre-check=10800


    Regarding other settings mentioned by some, those just don't do anything. Check the source of PHP, in ext/session/session.c -- the above values are all that actually do anything. Other values, or an emtpy string, result in no cache-limiting headers being set at all.
    up
    6
    Jeremiah at jkjonesco dot com
    18 years ago
    If you are trying to work with dynamic binaries such as videos or images, the new IE 7 appears to require the ETag header. You will need to make sure that you follow the specifications for how ETag works in order for your cache control to work properly. Mozilla supports the ETag header as well, but does NOT require it for caching. If you need to cache a dynamic image, video, or other binary file, then be sure to set your ETag and then check for the If-Not-Modified header on subsequent requests so that you can properly return the 304 Not Modified page.
    up
    6
    ire dot ogunsina at gmail dot com
    16 years ago
    I have had some trouble preventing IE, particular IE 7 to stop caching pages. I read quite a number of articles relating to people's experiences and how they fixed it but it was hard to find one that worked for me. Eventually I had to use the following fix:
    <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
    <META HTTP-EQUIV="Expires" CONTENT="-1">

    based on the information available on following url: http://support.microsoft.com/kb/234067

    Would to God that we'd all quit IE for good. Hope this saves someone some agony over IE.
    up
    2
    john
    19 years ago
    In addition to the above, don't forget to check the php.ini file for the setting: session.cache_limiter = nocache

    Since I use xoops and didn't start the session, I had the SSL/download problem until I noticed this.
    up
    2
    snakes at ntica dot com
    19 years ago
    Avoiding caching PHP pages:
    After lot of tries and research this is the best combination of headers I've found that seems to work well even with the proxy of visitors that are using satellit connection.

    <?
    header("ETag: PUB" . time());
    header("Last-Modified: " . gmdate("D, d M Y H:i:s", time()-10) . " GMT");
    header("Expires: " . gmdate("D, d M Y H:i:s", time() + 5) . " GMT");
    header("Pragma: no-cache");
    header("Cache-Control: max-age=1, s-maxage=1, no-cache, must-revalidate");
    session_cache_limiter("nocache");
    ?>
    up
    2
    pulstar at ig dot com dot br
    20 years ago
    You can find more information about to control the cache in PHP at http://www.php.net/manual/en/function.header.php

    If you have a dinamic website and want to allow your visitors to use the back button after they sent a form with the post method, the best combination I found was:

    <?php

    header    ("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
    header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
    header("Cache-Control: post-check=0, pre-check=0",false);
    session_cache_limiter("must-revalidate");

    // and after you start the session
    session_start();

    ?>

    I try some combinations using header("Cache-Control: no-cache, must-revalidate"), but when clicking the back button, the last changes in the form back to their previous states. The combination above works fine with IE 6.x. I didn't test this with other browsers.

    When I try something like session_cache_limiter("nocache, must-revalidate") it doesn't work. The page only updates when I used the browser's refresh button. In dynamic web sites this is not good. The content must be fresh after each click.

    I didn't find these combinations like "private, must-revalidate" documented in the manual and I guess that something different from "none, nocache, private, public and private_no_expire" are resolved to "none" or something like that. One thing I notice is that in session_cache_limiter() it is "nocache", but in header() it is "no-cache". This may give us some clues about how session_cache_limiter() function works.

    About caching, the perfect solution I think is to give the correct expiration date and time and also the right last-modified header for each element in the web site, when they are really updated. This means a lot of extra controls of course, but may worth in web sites with high overload.

    The "public" option means that all available cache in proxies and clientes will be used, so this improves the speed of the web site and also reduces the used bandwidth. But without the right expiration and last-modified headers, you can use it only in static web sites.

    The "private" option means that only the cache in clients will be used. This is good for a more sensitive data that can be stored locally in the browser cache. It have some benefits of the public option, but the same restrictions too.

    The "nocache" (or no-cache?) option means that the HTML portion will not be cached, but the images, CSS and JS files will. This is good for dynamic websites because you still can use the power of cache without loose the refreshness after each click. These files can be updated when you open the web site or use the browser's refresh button.
    I don't know why, but flash files are never updated when you click the refresh button. A common solution for this is to change the file name when you update the flash file.

    The "no-store" option means that all the content will not be cached anyway, including images, CSS or JS files. I don't know if this applyes to flash files too, but is possible. This option must be used with very sensitive data. I think the SSL uses this by default.
    up
    1
    yves at kochira point com
    16 years ago
    To avoid a headache while trying the various parameters in Firefox 3.0.1 (+Firebug), just restart the browser after a change... or they're not taken into account (from 'no-cache' to 'public'/'private').
    up
    1
    richard at izyn dot co dot nz
    21 years ago
    I found that session_cache_limiter("none") works for me when I create PDFs on the fly because session_cache_limiter("private") causes the browser(IE6) to cache the PDF indefinitely.
    up
    1
    jthome at fcgov dot com
    21 years ago
    In addition to the note above regarding SSL/IE bug/Sessions, also make sure you DO NOT SET THE HEADER 'Pragma: no-cache' if you are sending an inline document (e.g., PDF document).

    For example:

    <?php

    header    ("Content-Type: application/pdf");
    header("Content-Disposition: inline; filename=foo.pdf");
    header("Accept-Ranges: bytes");
    header("Content-Length: $len");
    header("Expires: 0");
    header("Cache-Control: private");
    // header("Pragma: no-cache");//don't send this header!!

    ?>

    Best,

    --
    Jim
    up
    0
    glenk7901
    9 years ago
    I was having a fit trying fix an issue caused by session.cache_limiter. Somehow I had set this to nocache (a long time ago) in the .ini file and this setting caused the back-button to not work. When session.cache_limiter was set on private or public, the back-button worked, but then logging out of the site did not work. I had thought that session.cache_limiter was something that should be enabled, but finally found today that turning it off (by setting it to '') fixed both these problems. So now the question for me is, when would anybody ever want to use session.cache_limiter? I was hating Php because of this problem.
    up
    0
    scott at realorganized dot com
    16 years ago
    http://us.php.net/session_cache_limiter

    sends:

    Pragma: no-cache

    under some conditions from server to client.

    Internet Explorer has a strange interpretation of: Pragma: No-cache
    being sent from the server to the client.

    Here's the link:

    http://support.microsoft.com/kb/234067

    If the client communicates with the server over a secure connection (https://) and the server returns a Pragma: no-cache header with the response, Internet Explorer does not cache the response.

    Note, however, that the Pragma: no-cache header was not intended for this. According to the HTTP 1.0 and 1.1 specifications, this header is defined in the context of a request only, not a response, and is actually intended for proxy servers that may prevent certain important requests from reaching the destination Web server. For future applications, the Cache-Control header is the proper means for controlling caching.

    For this reason, watch out when using the Pragma: no-cache with https and IE
    up
    0
    Anonymous
    19 years ago
    Andrei Chirila, andrei_chirila at yahoo dot com
    12-Jan-2005 09:30
    I played about an hour with the download and sessions. yes, to work you'll need session_cache_limiter("must-revalidate"); but this BEFORE session_start() if you want that your download start [IE problem]. Hope someone will need this someday

    ====

    yes, somebody has needed this today :)

    situation: trying to make a session based download management system complete with user login system that requries an authorized user to download some files, and hide all such files from non-authorized users. the user login, download center, and content management system of the site are all tied in to each other, making troubleshooting this headering stuff a headache.

    problem: files being served are not accessible thru the regular site, since they are above the htdocs folder in apache, and so headering the file is required, and sessions do not work well with files being headered to the browser.

    solution: the download center uses ob_start("");, then session_cache_limiter("must-revalidate");, before the session_start();, then everything works well.

    thank you very much! i was resorting to using a cookie to control this before because i could not figure out how to tie in sessions to the system before!
    up
    0
    donovan at go4 dot com dot au
    19 years ago
    IE6 'the file could not be written to the cache':

    I tried all the other suggestions mentioned here but none of them worked.

    I friend suggested header("Pragma: ");

    This worked straight away!
    up
    0
    justin at justintubbs dot com
    20 years ago
    I have PHP 4.3 running on a Windows 2003 Server running IIS 6.0 also using SSL encryption for my pages. I could not (for the life of me) figure out how to get IE 6.0/WinXPPro to recognize a set of HTML tables as an Excel spreadsheet export, and it was due to the header() variables I was using. Hopefully these are helpful to others who are attempting the same type of export within PHP.

    *This example builds on the previously submitted one, adding a few necessary headers.

    <?php
    header    ("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
    header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
    header("Pragma: public");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Cache-Control: public");
    header("Content-Description: File Transfer");

    session_cache_limiter("must-revalidate");
    header("Content-Type: application/vnd.ms-excel");
    header('Content-Disposition: attachment; filename="fileToExport.xls"');

    // and after you start the session
    session_start();
    ?>
    up
    0
    misterp3d at hotmail dot com
    20 years ago
    I had a problem using a FORM with POST method when user of my website was using the back button. The page requested a refresh to be able to see again the FORM.

    To solve the problem I used :
    <?php
    session_cache_limiter    ('private, must-revalidate');
    ?>

    *You need to write this line before any output

    Hope that will help some of you ;)

    [P]
    up
    0
    MerlinsInvite
    21 years ago
    I solved the problem with pushing downloads to browser's, without needing to play with server/session parameters by using :
    header("Content-Disposition: inline; filename=\"$filename\"");
    for IE browsers and
    header("Content-Disposition: attachment; filename=\"$filename\"");
    for all other browsers.
    up
    -1
    Anonymous
    19 years ago
    The onLoad method of Actionscript's loadVars class was returning false in IE6 using SSL until I set --> session_cache_limiter("must-revalidate"); <-- on the receiving PHP script.
    up
    -1
    Andrei Chirila, andrei_chirila at yahoo dot com
    20 years ago
    I played about an hour with the download and sessions. yes, to work you'll need session_cache_limiter("must-revalidate"); but this BEFORE session_start() if you want that your download start [IE problem]. Hope someone will need this someday ...
    up
    -1
    Mikko H?m?l?inen
    21 years ago
    I had a similair problem (browsers couldn't save files coming from my download-script). Only in my case the problem occured with IE 6.0 and Netscape 7.1. Adding the "session_cache_limiter('public');" before "session_start();" helped.
    up
    -1
    plyrvt at mail dot ru (Yura Pylypenko)
    21 years ago
    Be careful using session_cache_limiter() with ob_start('ob_gzhandler')
    If ob_start('ob_gzhandler') is called after session_cache_limiter() it seems to overwrite cache control headers with 'nocache' equivalent.
    So always put ob_start first.
    up
    -3
    Fernando Gabrieli fgabrieli at gmail
    17 years ago
    <?
    session_cache_limiter ('private, must-revalidate');

    $cache_limiter = session_cache_limiter();

    //

    session_cache_expire(60); // in minutes

    session_start() ;
    ?>

    If i do not set must-revalidate, IE seems to cache session variables without refreshing them

    If i post a form then it refreshes the variables

    Firefox does not have this problem

    So, be sure to use must-revalidate
    up
    -3
    usenet at phord splat com
    21 years ago
    Hey! NickyBoy was right!

    I looked all over google and his note was the only place that had it right. But, there's a caveat.

    I wrote up my results here:
    http://www.phord.com/experiment/cache/
    up
    -3
    radu dot rendec at ines dot ro
    19 years ago
    I've read the other comments and done some "reasearch" on my own. Using php's session mechanism and explicitly setting the "cache-control" header should not be mixed.

    When session_start() is called, the "cache-control" and "pragma" headers are automatically set by php (to whatever value had been specified using session_cache_limiter()).

    Explicitly setting those headers _before_ session_start() will have no effect, and explicitly setting them _after_ session_start() will overwrite the settings from session_cache_limiter().

    If I had to deal with php sessions, I'd go for using session_cache_limiter() and leaving the headers alone.
    up
    -3
    nickyboy at 4ce.co.uk
    22 years ago
    The problems people mention about IE are actually a feature!
    Microsoft Knowledge Base Article 316431 says:

    In order for Internet Explorer to open documents in Office (or any out-of-process, ActiveX document server), Internet Explorer must save the file to the local cache directory and ask the associated application to load the file by using IPersistFile::Load. If the file is not stored to disk, this operation fails.

    When Internet Explorer communicates with a secure Web site through SSL, Internet Explorer enforces any no-cache request. If the header or headers are present, Internet Explorer does not cache the file. Consequently, Office cannot open the file.

    They say this applies to:
    Microsoft Internet Explorer 5.5 for Windows 2000
    Microsoft Internet Explorer 5.01 for Windows 2000
    Microsoft Internet Explorer version 6 for Windows 2000
    not sure about other versions!

    hth
    nickyboy
    add a note
    To Top