Warning: Page has expired

[salewit]

I'm running all my html pages with a tiny bit of PhP code in the beginning. When I link to another page, and go to that page, then hit BACK on my browser, I get the "Warning: Page has expired". Can this be fixed somehow?

There are NO forms in the Php pages in question which is what the error message states... "The page you requested was created using information you submitted in a form. This page is no longer available. As a security precaution, Internet Explorer does not automatically resubmit your information for you"

[Vin DSL]

Is it the 'news' link that you're talking about?

[salewit]

Hmmm not sure what you're referring to there. I have two simple standard html pages like this:


<html><head></head><body>
<A href="page2">Click here</a>
</body></html>

If I click the link to go to page 2, then click BACK on my browser, I come back to this page above no problem.

But if I change the above to include this little session check (to make sure a person is logged in to a private area), then I can not use the BACK button without getting a series of "Can't refresh" etc prompts.

<?PHP
include($cfgProgDir . "secure.php");
?>
<html><head></head><body>
<A href="page2">Click here</a>
</body></html>

[jason]

What's happening inside the "secure.php" file? Is it setting any no cache headers or anything like that? I'm guessing that's the problem. Without knowing what secure.php is doing, though, I can only speculate...

--Jason

[salewit]

Ahhh! Ok, I went looking around and in an include within secure.php I found this:

// no pageloads from cache or memory
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Pragma: no-cache"); // HTTP/1.0

It looks like that is the problem.

This secure thing is actually that script called PhpSecurePages. If I remove the code above, then that means the entire page would be loaded from the visitors cache. But what does that do in terms of making sure people without access won't be able to get in?

Can I change the header to have it expire in say an hour or something so that a visitor could get a page from cache? Would that be the best work-around?

Thanks for the help!

Sam

[jason]

Sam,

If you comment out those lines then someone would be able to browse your site "offline" and see the secure sections of your site from the browser's cache.

If you want to change it to expire in an hour, comment out all but the first line. Then change the first line to

PHP Code:

header("Expires: " . gmdate("D, d M Y H:i:s", time() + 3600) . " GMT"); 


If you want to adjust the timeout, the 3600 is the number of seconds from the curent time that you want the page to time out.

--Jason

[salewit]

Funny thing.. at first it didn't work. I made the change, FTP'd the file, and ran the page and I kept getting a MySQL error. I was really puzzled by this. So I went in and brought back each old line one by one and FTP'd it up. Still the same thing. Then I reverted the thing back to where it was and it still gave me the same thing.

Then on a hunch, I checked the server status and sure enough, the only thing down on all servers was MySQL on mine.

It is now up, and all is well. Thanks so much for the help Jason!