diff options
| -rw-r--r-- | includes/bootstrap.inc | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc index 1be37acfc..335156ec3 100644 --- a/includes/bootstrap.inc +++ b/includes/bootstrap.inc @@ -382,6 +382,15 @@ function drupal_load($type, $name) { /** * Set HTTP headers in preparation for a page response. * + * The general approach here is that anonymous users can keep a local + * cache of the page, but must revalidate it on every request. Then, + * they are given a '304 Not Modified' response as long as they stay + * logged out and the page has not been modified. + * + * Authenticated users are always given a 'no-cache' header, and will + * fetch a fresh page on every request. This prevents authenticated + * users seeing locally cached pages that show them as logged out. + * * @see page_set_cache */ function drupal_page_header() { @@ -413,6 +422,10 @@ function drupal_page_header() { header("Last-Modified: $date"); header("ETag: $etag"); + // The following headers force validation of cache: + header("Expires: Sun, 19 Nov 1978 05:00:00 GMT"); + header("Cache-Control: must-revalidate"); + // Determine if the browser accepts gzipped data. if (@strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') === FALSE && function_exists('gzencode')) { // Strip the gzip header and run uncompress. |