=========================================
2/14/04 2:19 pm
feingold.christianlong.com
=========================================

=========================================
Current status
logged in, home page
=========================================

=========================================
Action
Click on log out
=========================================

GET /user/logout HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/msword, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/x-shockwave-flash, */*
Referer: http://feingold.christianlong.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; iOpus-I-M; .NET CLR 1.0.3705; .NET CLR 1.1.4322)
Host: feingold.christianlong.com
Connection: Keep-Alive
Cookie: PHPSESSID=bcca########################; PHPSESSID=bcca########################

HTTP/1.1 302 Found
Date: Sat, 14 Feb 2004 20:19:02 GMT
Server: Apache/1.3.29 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.3 FrontPage/5.0.2.2634 mod_ssl/2.8.16 OpenSSL/0.9.7a
X-Powered-By: PHP/4.3.3
Set-Cookie: PHPSESSID=bcca########################; expires=Mon, 08-Mar-04 23:52:22 GMT; path=/
Location: http://feingold.christianlong.com/
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/msword, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/x-shockwave-flash, */*
Referer: http://feingold.christianlong.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; iOpus-I-M; .NET CLR 1.0.3705; .NET CLR 1.1.4322)
Host: feingold.christianlong.com
Connection: Keep-Alive
Cookie: PHPSESSID=bcca########################; PHPSESSID=bcca########################

HTTP/1.1 200 OK
Date: Sat, 14 Feb 2004 20:19:02 GMT
Server: Apache/1.3.29 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.3 FrontPage/5.0.2.2634 mod_ssl/2.8.16 OpenSSL/0.9.7a
X-Powered-By: PHP/4.3.3
Set-Cookie: PHPSESSID=bcca########################; expires=Mon, 08-Mar-04 23:52:22 GMT; path=/
Last-Modified: Sat, 14 Feb 2004 20:13:51 GMT
ETag: "55fd5ca6a16e3e59d201cceb41019de2"
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

=========================================
State
Home Page, not logged in
http://feingold.christianlong.com/
=========================================

=========================================
Action - log in
=========================================

POST /user/login HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/msword, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/x-shockwave-flash, */*
Referer: http://feingold.christianlong.com/
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; iOpus-I-M; .NET CLR 1.0.3705; .NET CLR 1.1.4322)
Host: feingold.christianlong.com
Content-Length: 158
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: PHPSESSID=bcca########################; PHPSESSID=bcca########################

edit%5Bdestination%5D=http%3A%2F%2Ffeingold.christianlong.com%2Fnode&edit%5Bname%5D=######&edit%5Bpass%5D=######&edit%5Bremember_me%5D=0&op=Log+in

HTTP/1.1 302 Found
Date: Sat, 14 Feb 2004 20:20:22 GMT
Server: Apache/1.3.29 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.3 FrontPage/5.0.2.2634 mod_ssl/2.8.16 OpenSSL/0.9.7a
X-Powered-By: PHP/4.3.3
Set-Cookie: PHPSESSID=bcca########################; expires=Mon, 08-Mar-04 23:53:42 GMT; path=/
Set-Cookie: PHPSESSID=bcca########################; path=/
Location: http://feingold.christianlong.com/node?PHPSESSID=bcca########################
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

GET /node?PHPSESSID=bcca######################## HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/msword, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/x-shockwave-flash, */*
Referer: http://feingold.christianlong.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; iOpus-I-M; .NET CLR 1.0.3705; .NET CLR 1.1.4322)
Host: feingold.christianlong.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: PHPSESSID=bcca########################; PHPSESSID=bcca########################

HTTP/1.1 200 OK
Date: Sat, 14 Feb 2004 20:20:23 GMT
Server: Apache/1.3.29 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.3 FrontPage/5.0.2.2634 mod_ssl/2.8.16 OpenSSL/0.9.7a
X-Powered-By: PHP/4.3.3
Set-Cookie: PHPSESSID=bcca########################; expires=Mon, 08-Mar-04 23:53:43 GMT; path=/
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

=========================================
State
Logged-in home page
http://feingold.christianlong.com/node?PHPSESSID=bcca########################
=========================================

=========================================
Action
Click on home
=========================================

What does happen:
Nothing
No HTTP traffic results from this click. We just hit the browser cache. This is the problem.

What should happen:
The browser should validate the cached version of its home page with the server. The server should say, 'nope, no longer valid. Here's a fresh (logged-in) version'

=========================================
State - back to cached version of non-logged-in home page
note that no network traffic happened

Solution: mark non-logged-in home page as no-cache
Solution 2: get the PHP session ID out of the URL after login
=========================================

=========================================
Action
Refresh F5
=========================================

Here we get HTTP traffic (didn't record it, sorry), and the current (logged-in) home page is fetched from the server.
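
Added example (not part of the original trace or of the site's code): a small Python check that applies the two solutions above to response headers. It flags a response that a browser may reuse from its cache without contacting the server, and a redirect that carries the session ID in the URL. The header dictionaries are constructed from the trace, with the session ID replaced by the placeholder MASKED; the finding names are this example's own.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed from the trace: headers of the logged-out "GET /" response
# and of the login redirect. MASKED stands in for the masked session ID.
HOME_LOGGED_OUT = {
    "Date": "Sat, 14 Feb 2004 20:19:02 GMT",
    "Set-Cookie": "PHPSESSID=MASKED; path=/",
    "Last-Modified": "Sat, 14 Feb 2004 20:13:51 GMT",
    "ETag": '"55fd5ca6a16e3e59d201cceb41019de2"',
}
LOGIN_REDIRECT = {
    "Set-Cookie": "PHPSESSID=MASKED; path=/",
    "Location": "http://feingold.christianlong.com/node?PHPSESSID=MASKED",
}

def cache_directives(headers):
    """Lower-cased Cache-Control directive names, e.g. {'no-cache', 'max-age'}."""
    raw = headers.get("cache-control", "")
    return {p.split("=", 1)[0].strip().lower() for p in raw.split(",") if p.strip()}

def audit(headers, session_param="PHPSESSID"):
    """Return findings for one response; header names are case-insensitive."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = cache_directives(h)
    findings = []
    # no-cache / no-store (or HTTP/1.0 Pragma) make the browser ask the server.
    forces_check = (bool(cc & {"no-cache", "no-store"})
                    or "no-cache" in h.get("pragma", "").lower())
    explicit_lifetime = bool(cc & {"max-age", "s-maxage"}) or "expires" in h
    # A validator with no freshness information lets the cache pick its own
    # lifetime (heuristic freshness) and reuse the page without revalidating.
    if not forces_check and not explicit_lifetime and "last-modified" in h:
        findings.append("heuristic-freshness")
    # Solution 2: the session ID must not appear in a redirect target.
    if session_param in parse_qs(urlsplit(h.get("location", "")).query):
        findings.append("session-id-in-url")
    return findings

if __name__ == "__main__":
    print(audit(HOME_LOGGED_OUT))
    print(audit({**HOME_LOGGED_OUT, "Cache-Control": "no-cache"}))
    print(audit(LOGIN_REDIRECT))
```

With Cache-Control: no-cache the browser may still store the page, but it has to revalidate it (the ETag is available for that) before showing it again, which is the behaviour described under "What should happen".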