miniBB ® 

miniBB

®
Support Forums
  
 | Start | Register | Search | Statistics | File Bank | Manual |
Custom Tutorials and Modifications miniBB Support Forums / Custom Tutorials and Modifications /  
 

Proxy (cache) problems and how to solve them

 
Author Moony
Partaker
#1 | Posted: 4 Apr 2008 11:27 
I travel a lot and very often work in Internet-cafes. In some places I noticed that pages are being cached in proxy-servers memory to minimize traffic. This make almost impossible to write to the forum, because after posting you see the older (saved) version of the page. This may also cause login problems.

There is a very easy way to solve this caching problem. You just have to add the following to your index.php file:

header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', FALSE);
header('Pragma: no-cache');
I have done this a few months ago and everything works fine.

Author tom322
Active Member
#2 | Posted: 4 Apr 2008 13:18 
Do you mean index.php or the header? Either way, it may depend on the particular web browser (some refresh info fast, others like Opera not).

Author Paul
Lead Developer 
#3 | Posted: 5 Apr 2008 06:23 
If there is a server-cache, it doesn't depend on browser.

However this is a good suggestion and I might consider it while working on the updates, thanks.

Author Moony
Partaker
#4 | Posted: 7 Apr 2008 12:24 
Paul:
If there is a server-cache, it doesn't depend on browser.
Yes, I mean server-cache. In Kathmandu I had big problem: I logged in one internet-cafe and my password was cached in all internet cafes in the center of the town. Anybody could have admin rights on my website while I was logged in. So this is also a security issue.

Author Paul
Lead Developer 
#5 | Posted: 7 Apr 2008 13:08 
I must say when you are in internet cafe, this is a security issue itself.

I don't know if it's related to miniBB in general ;-) Without storing password data on the client side it's impossible to keep login information.

Author Paul
Lead Developer 
#6 | Posted: 8 Apr 2008 02:51 
Additionally I thought and I am not sure how it would be possible to grant admin access to everybody in the network even if you have entered admin's login credentials on one of the PCs in this network. When network uses cache, it caches just HTML pages, but all of your admin information is stored only on the PC where you have entered it. miniBB uses cookies - but even if it would use sessions, they are determined by a cookie, too. So all pages with admin panel links, for example, like "Delete" or "Lock topic" etc., would be cached, that's true, and all users in the network could see those pages. But there is nothing insecure as soon as they can't execute them. Because the only one cookie is stored on your PC, and only this cookie is taken into attention when authorizing.

Author tom322
Active Member
#7 | Posted: 19 Nov 2008 00:24 
I had it set up for a couple of months as a test and I conclude it's better not to use it because when you have addon that uses "javascript:history(-1)" the already entered text is lost after going back to the previous page. Plus if posting as a guest the username disappears, at least in IE..

Custom Tutorials and Modifications miniBB Support Forums / Custom Tutorials and Modifications /
 Proxy (cache) problems and how to solve them
 Share Topic's Link

Your Reply Click this icon to move up to the quoted message


  ?
Post as a Guest, leaving the Password field blank. You could also enter a Guest name, if it's not taken by a member yet. Sign-in and post at once, or just sign-in, bypassing the message's text.


Before posting, make sure your message is compliant with forum rules; otherwise it could be locked or removed with no explanation.

 

 
miniBB Support Forums Powered by Forum Software miniBB ® Home  Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contact Us
Try the Captcha add-on: protect your miniBB-forums from the automated spam and flood.


  ⇑