PHP sessions and the Pragma:no-cache header30 May 2011
You may have seen the
Pragma:no-cache response header on various website (if
you're that kind of guy actually reading HTTP response headers...).
What you may not know is that this Header doesn't actually exists. The Pragma header is supposed to be *Request *header, not a *Response *header.
It is not only useless, it may also trigger strange caching bugs in IE6. I'm sure you know what kind of IE6 quirks I'm talking about. The best is to remove it, just to be sure.
This is a common misconception (I myself didn't know that before reading this excellent caching tutorial), and that header is still returned in a lot of request.
For example, if you set your
php.ini, then PHP will send this header (as defined in the
sessioncachelimiter doc. This is obviously wrong.
It also adds a weird
Expires: Thu, 19 Nov 1981 08:52:00 GMT header. I don't
like it as it allow easy fingerprinting of the server-side technology used.
I changed my
session.cache_delimiter value to
private_no_expire to return
First, it removed the useless
Pragma, but it also removes the
Cache-Control is enough).
Want to add something ? Feel free to get in touch on Twitter : @pixelastic