authorDries Buytaert <dries@buytaert.net>2006-08-03 13:42:34 +0000
committerDries Buytaert <dries@buytaert.net>2006-08-03 13:42:34 +0000
commit900ad2b0993b2c2dd07301496f16e3ab4fd50aca (patch)
tree8641293ab48dc88e6b906a75134adf122f570165
parent2c0571b89421e92e32a2f9b53a4ea24823bd2ef1 (diff)
- Patch #70521 by Grugnog2 et al: fixed 'double logins', caching, and logging in and out.
-rw-r--r--includes/bootstrap.inc13
1 files changed, 13 insertions, 0 deletions
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 1be37acfc..335156ec3 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -382,6 +382,15 @@ function drupal_load($type, $name) {
/**
* Set HTTP headers in preparation for a page response.
*
+ * The general approach here is that anonymous users can keep a local
+ * cache of the page, but must revalidate it on every request. Then,
+ * they are given a '304 Not Modified' response as long as they stay
+ * logged out and the page has not been modified.
+ *
+ * Authenticated users are always given a 'no-cache' header, and will
+ * fetch a fresh page on every request. This prevents authenticated
+ * users seeing locally cached pages that show them as logged out.
+ *
* @see page_set_cache
*/
function drupal_page_header() {
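Review bot: The added docblock says authenticated users are "always given a 'no-cache' header", but no line in this diff sends that header, so the claim cannot be checked against drupal_page_header() from here. Since the comment is the only statement of the login-state guarantee, it should name where that header is emitted, for example `* The no-cache header for authenticated users is sent in <function that sets it>.` It also speaks only of a "local cache"; it would help to say whether shared proxy caches are expected to follow the same rule. The body of drupal_page_header() continues outside this hunk.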
@@ -413,6 +422,10 @@ function drupal_page_header() {
header("Last-Modified: $date");
header("ETag: $etag");
+ // The following headers force validation of cache:
+ header("Expires: Sun, 19 Nov 1978 05:00:00 GMT");
+ header("Cache-Control: must-revalidate");
+
// Determine if the browser accepts gzipped data.
if (@strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') === FALSE && function_exists('gzencode')) {
// Strip the gzip header and run uncompress.
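Review bot: The two added headers make the cached page stale at once and forbid serving it stale, but they do not restrict which caches may store it and do not tell a cache that the response depends on the session cookie. If this branch is reached only for anonymous page-cache hits, as the docblock suggests, a shared proxy could still store the logged-out page and revalidate it on behalf of a logged-in user. Whether that ends in a 304 depends on validation code outside this hunk. Consider adding `header("Vary: Cookie");` next to the new headers, or confirm that the 304 path checks login state. The comment could also state the mechanism: `// Expires in the past marks the copy stale; must-revalidate forbids serving it without asking the server.`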