[OWASP_PHPSEC] FileLastModified ?

Abbas Naderi abiusx at owasp.org
Tue Jun 25 08:29:03 UTC 2013


Feel free to IM me anytime you needed, thats why I'm there.

This is the scenario:
You present a file to the browser, along with its last modification time. Browser caches the file along with this time. Next time browser asks for that file, it tells you that it has the version with that time, and you check the time of your file again, and if its a match they already have it. 

You need to check if its exactly the same, because any older or newer file you replace (you dont always put a newer file there, maybe you revert it) should be replaced with the one browser has in cache.

Thanks
-Abbas

On Tir 4, 1392, at 4:48 AM, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:

> After reading lots of materials, I now understand the whole concept of cache control in PHP. I also was able to understand your code and other codes in the web to check if the page has been modified or not.
> 
> 1) What I don't understand is where the server variables such as HTTP_IF_MODIFIED_SINCE and HTTP_IF_NONE_MATCH are set. How do they work. There is no proper documentation that I could find.
> 
> 2) Also in the code, why equality is checked. Shouldn't you check if some time is greater than the other, then send the new page, otherwise the cached page will be used.
> if ($if_modified_since == $gmdate_mod)
>     {
> 	if ($SendHeader) header("HTTP/1.0 304 Not Modified");
> 	return false;
>     }
> 
> I think we should IM. I am very unclear on these two matters.
> 
> -- 
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
> _______________________________________________
> OWASP_PHP_Security_Project mailing list
> OWASP_PHP_Security_Project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20130625/488b3277/attachment.html>


More information about the OWASP_PHP_Security_Project mailing list