Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Browser cache strategy for a guestbook-like perl script 1

Status
Not open for further replies.

eanon

Programmer
Jan 16, 2006
5
FR
Hi all. I'm working on a perl script (about techno-commercial notes depository ; close to a kind of dedicated guestbook working) which typically works like this :

#1 : input-form with submit and preview buttons
(text, hidden, checkbox, textarea, POST method)

user click submit from #1 => #2aa : error-page OR #2ab : success-page
user click preview from #1 => #2b : preview-page with submit button

user click back from #2aa => #1
user click show from #2ab => #3
user click back from #2b => #1
user click submit from #2b => #2aa OR #2ab

#3 : list the existing contributions (including new one if any)

Of course, the user can diretly go in #3 if he doesn't have to contribute at this time.

Well, all sounds right but my current concern is about browser (and proxy) caching.

If I let all like this, every one (co-users of any computer) can navigate to previous generated page (#1 with field filled, all #2 with their status messages, #3 which may be ou-of-date).

At a first step, I've decided to build two types of http response header : a first one called $nocache with "Cache-Control: no-cache\n" AND a second one called $agecache with "Cache-Control: max-age=900\n". Then, to apply $nocache everywhere except the input form in #1 which would
take $agecache.

This way because everyone must be able to be back to a previously informed input form (#1) from all of the #2 steps (error, success, preview. But nobody should be able to keep trace about #2 and #3.

So, does my way the good one ?

I've already seen some flaw which may become dammageable : for example, I've integrated a captcha mecanism and the "password-image" doesn't renew when user is back to the #1 (with $agecache) in the 900 seconds. So, in this case, how to force the pass-img to be renewed. And it must exists others lack...

Of course, I've also observed what done in some public guestbook script and most seems to ignore the subject and just let thing like they are naturally : everyone can navigate in previous cached generated pages.

Well, how would you proceed ? Any advice welcome : thanks
 
Hi

eanon said:
So, in this case, how to force the pass-img to be renewed.
That is another file, so it has its own HTTP headers. Good captcha is dynamically generated by a script, so there should be no problem to send it with no-cache header, even if the HTML document is cacheable.

Feherke.
 
OK and thanks, feherke, but what would be your own option about caching, in general. About a script which generates several sequencial steps (e.g. input -> preview -> post -> show), how do you proceed ? Do you allow cache or not ? For all steps, some only or not any ?
 
Hi

Personally I include caching limitations only in case when I implement some sign-in thing by hand, ( which means, not the HTTP authorization ). In case of a message posting system I would not bother about caching. Was implemented in browsers and proxies because helps, so I let it work.

But maybe I missed something in your problem. Better wait for some other answers too.

Feherke.
 
OK, understood :) So, it sounds like I'm a little bit to worried about not important things. Well, certainly that I'll set all with a reasonnable age-cache delay and maybe some without any cache possibility.

However, just a last question : do you think something like "Cache-Control: no-cache\n" and "Cache-Control: max-age=900\n" (depending of pages) are enough or do you advice to use a cunjunction of other way (ie. expire date, no-store, etc) ?
 
Hi

Note, that [tt]Cache-control[/tt] is specific for [link ftp://ftp.rfc-editor.org/in-notes/rfc2616.txt]HTTP/1.1[/url], in [link ftp://ftp.rfc-editor.org/in-notes/rfc1945.txt]HTTP/1.0[/url] was only a [tt]Pragma[/tt] header. So better you include both. More about differences :

For example PHP by default include this headers to prevent caching when a session is used :
[tt]Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache[/tt]

You may include them, as you wish. I think if an agent does not implement the protocol correctly, is not the webmaster's duty to provide such workaround.

Feherke.
 
Well, the header you indicate is not so difficult to generate. I'll go toward this way. Thanks again, feherke for your valuable help.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top