Hi all. I'm working on a perl script (about techno-commercial notes depository ; close to a kind of dedicated guestbook working) which typically works like this :
#1 : input-form with submit and preview buttons
(text, hidden, checkbox, textarea, POST method)
user click submit from #1 => #2aa : error-page OR #2ab : success-page
user click preview from #1 => #2b : preview-page with submit button
user click back from #2aa => #1
user click show from #2ab => #3
user click back from #2b => #1
user click submit from #2b => #2aa OR #2ab
#3 : list the existing contributions (including new one if any)
Of course, the user can diretly go in #3 if he doesn't have to contribute at this time.
Well, all sounds right but my current concern is about browser (and proxy) caching.
If I let all like this, every one (co-users of any computer) can navigate to previous generated page (#1 with field filled, all #2 with their status messages, #3 which may be ou-of-date).
At a first step, I've decided to build two types of http response header : a first one called $nocache with "Cache-Control: no-cache\n" AND a second one called $agecache with "Cache-Control: max-age=900\n". Then, to apply $nocache everywhere except the input form in #1 which would
take $agecache.
This way because everyone must be able to be back to a previously informed input form (#1) from all of the #2 steps (error, success, preview. But nobody should be able to keep trace about #2 and #3.
So, does my way the good one ?
I've already seen some flaw which may become dammageable : for example, I've integrated a captcha mecanism and the "password-image" doesn't renew when user is back to the #1 (with $agecache) in the 900 seconds. So, in this case, how to force the pass-img to be renewed. And it must exists others lack...
Of course, I've also observed what done in some public guestbook script and most seems to ignore the subject and just let thing like they are naturally : everyone can navigate in previous cached generated pages.
Well, how would you proceed ? Any advice welcome : thanks
#1 : input-form with submit and preview buttons
(text, hidden, checkbox, textarea, POST method)
user click submit from #1 => #2aa : error-page OR #2ab : success-page
user click preview from #1 => #2b : preview-page with submit button
user click back from #2aa => #1
user click show from #2ab => #3
user click back from #2b => #1
user click submit from #2b => #2aa OR #2ab
#3 : list the existing contributions (including new one if any)
Of course, the user can diretly go in #3 if he doesn't have to contribute at this time.
Well, all sounds right but my current concern is about browser (and proxy) caching.
If I let all like this, every one (co-users of any computer) can navigate to previous generated page (#1 with field filled, all #2 with their status messages, #3 which may be ou-of-date).
At a first step, I've decided to build two types of http response header : a first one called $nocache with "Cache-Control: no-cache\n" AND a second one called $agecache with "Cache-Control: max-age=900\n". Then, to apply $nocache everywhere except the input form in #1 which would
take $agecache.
This way because everyone must be able to be back to a previously informed input form (#1) from all of the #2 steps (error, success, preview. But nobody should be able to keep trace about #2 and #3.
So, does my way the good one ?
I've already seen some flaw which may become dammageable : for example, I've integrated a captcha mecanism and the "password-image" doesn't renew when user is back to the #1 (with $agecache) in the 900 seconds. So, in this case, how to force the pass-img to be renewed. And it must exists others lack...
Of course, I've also observed what done in some public guestbook script and most seems to ignore the subject and just let thing like they are naturally : everyone can navigate in previous cached generated pages.
Well, how would you proceed ? Any advice welcome : thanks
So, it sounds like I'm a little bit to worried about not important things. Well, certainly that I'll set all with a reasonnable age-cache delay and maybe some without any cache possibility.