[OWASP_PHPSEC] FileLastModified ?
rahul300chaudhary400 at gmail.com
Tue Jun 25 17:21:59 UTC 2013
IN my implementation of "file last modified", would you like to include me
the "ETag" header or should I leave it as it is.
On Tue, Jun 25, 2013 at 1:08 PM, Abbas Naderi <abiusx at owasp.org> wrote:
> These are sent by the browser in HTTP headers! Check a list of common
> headers and you will see.
> Everything starting with HTTP_* is a http header.
> On Tir 4, 1392, at 8:28 PM, rahul chaudhary <
> rahul300chaudhary400 at gmail.com> wrote:
> OK....I get the equality thing now...such a silly question it was ... :P
> Now tell me about the two server variables HTTP_IF_MODIFIED_SINCE and HTTP_IF_NONE_MATCH.
> Do these server variables automatically gets set?
> Suppose if I maintain the server in company, what do I have to do to set
> these variables ?
> On Tue, Jun 25, 2013 at 4:29 AM, Abbas Naderi <abiusx at owasp.org> wrote:
>> Feel free to IM me anytime you needed, thats why I'm there.
>> This is the scenario:
>> You present a file to the browser, along with its last modification time.
>> Browser caches the file along with this time. Next time browser asks for
>> that file, it tells you that it has the version with that time, and you
>> check the time of your file again, and if its a match they already have it.
>> You need to check if its exactly the same, because any older or newer
>> file you replace (you dont always put a newer file there, maybe you revert
>> it) should be replaced with the one browser has in cache.
>> On Tir 4, 1392, at 4:48 AM, rahul chaudhary <
>> rahul300chaudhary400 at gmail.com> wrote:
>> After reading lots of materials, I now understand the whole concept of
>> cache control in PHP. I also was able to understand your code and other
>> codes in the web to check if the page has been modified or not.
>> 1) What I don't understand is where the server variables such as
>> HTTP_IF_MODIFIED_SINCE and HTTP_IF_NONE_MATCH are set. How do they work.
>> There is no proper documentation that I could find.
>> 2) Also in the code, why equality is checked. Shouldn't you check if some
>> time is greater than the other, then send the new page, otherwise the
>> cached page will be used.
>> if ($if_modified_since == $gmdate_mod)
>> if ($SendHeader) header("HTTP/1.0 304 Not Modified");
>> return false;
>> *I think we should IM. I am very unclear on these two matters.*
>> Rahul Chaudhary
>> Ph - 412-519-9634
>> OWASP_PHP_Security_Project mailing list
>> OWASP_PHP_Security_Project at lists.owasp.org
> Rahul Chaudhary
> Ph - 412-519-9634
Ph - 412-519-9634
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP_PHP_Security_Project