[OWASP_PHPSEC] FileLastModified ?

rahul chaudhary rahul300chaudhary400 at gmail.com
Tue Jun 25 17:21:59 UTC 2013


IN my implementation of "file last modified", would you like to include me
the "ETag" header or should I leave it as it is.


On Tue, Jun 25, 2013 at 1:08 PM, Abbas Naderi <abiusx at owasp.org> wrote:

> These are sent by the browser in HTTP headers! Check a list of common
> headers and you will see.
> Everything starting with HTTP_* is a http header.
> -A
>
> On Tir 4, 1392, at 8:28 PM, rahul chaudhary <
> rahul300chaudhary400 at gmail.com> wrote:
>
> OK....I get the equality thing now...such a silly question it was ... :P
>
> Now tell me about the two server variables  HTTP_IF_MODIFIED_SINCE and HTTP_IF_NONE_MATCH.
> Do these server variables automatically gets set?
>
> Suppose if I maintain the server in company, what do I have to do to set
> these variables ?
>
>
> On Tue, Jun 25, 2013 at 4:29 AM, Abbas Naderi <abiusx at owasp.org> wrote:
>
>> Feel free to IM me anytime you needed, thats why I'm there.
>>
>> This is the scenario:
>> You present a file to the browser, along with its last modification time.
>> Browser caches the file along with this time. Next time browser asks for
>> that file, it tells you that it has the version with that time, and you
>> check the time of your file again, and if its a match they already have it.
>>
>> You need to check if its exactly the same, because any older or newer
>> file you replace (you dont always put a newer file there, maybe you revert
>> it) should be replaced with the one browser has in cache.
>>
>> Thanks
>> -Abbas
>>
>> On Tir 4, 1392, at 4:48 AM, rahul chaudhary <
>> rahul300chaudhary400 at gmail.com> wrote:
>>
>> After reading lots of materials, I now understand the whole concept of
>> cache control in PHP. I also was able to understand your code and other
>> codes in the web to check if the page has been modified or not.
>>
>> 1) What I don't understand is where the server variables such as
>> HTTP_IF_MODIFIED_SINCE and HTTP_IF_NONE_MATCH are set. How do they work.
>> There is no proper documentation that I could find.
>>
>> 2) Also in the code, why equality is checked. Shouldn't you check if some
>> time is greater than the other, then send the new page, otherwise the
>> cached page will be used.
>> if ($if_modified_since == $gmdate_mod)
>>     {
>> if ($SendHeader) header("HTTP/1.0 304 Not Modified");
>> return false;
>>     }
>>
>> *I think we should IM. I am very unclear on these two matters.*
>>
>> --
>> Regards,
>> Rahul Chaudhary
>> Ph - 412-519-9634
>>  _______________________________________________
>> OWASP_PHP_Security_Project mailing list
>> OWASP_PHP_Security_Project at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>>
>>
>>
>
>
> --
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
>
>
>


-- 
Regards,
Rahul Chaudhary
Ph - 412-519-9634
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20130625/4c1488a8/attachment-0001.html>


More information about the OWASP_PHP_Security_Project mailing list