header("Cache-control: private") not working 1

[Muppsy007]

Hi,

I have a multi page form, and I want to make sure that if a user goes back that they don't lose anything.

I have the below code at the very top of the first page:

session_start();
header("Cache-control: private");

This doesn't seem to work if you go back from the second page.

Now I have checked my php.ini file and I have the following:

session.cache_limiter = nocache

If I set this to "private", it seems to work OK.

I just want to know if there are any problems or security issues I should worry about if I do this.

Or if anyone can think of why the runtime command is not working (I had it working on my old server), that would be great.

Thanks
Aaron

 

[DRJ478]

I never trust the user, that also includes the client that the user has. Browsers are notoriosly diverse and display unexpected behaviors.
I recommend to use the session to cache all data and repopulate the previous page rather than relying on the browser's cache control behavior.
Also not that you can set the session.cache_limiter runtime with ini_set().

 

[Muppsy007]

Thanks DRJ478. Will use ini_set.

Aaron