1 Topic by Thomas2 (edited by Thomas2 2007-08-23 14:38)

  • Registered: 2007-08-20
  • Posts: 15

Topic: Wrong Redirect after Logout/Login

Hi,

I have installed PunBB a few days ago for my website and everything seemed to work OK from my own computer, but when I tested it from the public computers in my local library, I  noticed some problems with the page redirect after I logout from my session. After the redirect notice, the page still says 'you are logged in as...'  although I am actually logged out. From then on it gets really confusing, because when I subsequently log in as a different user for instance, I still get the message that I am logged in as the first user; only when I request a page that I haven't requested before (e.g. the search page) it gives the correct user name.
The problem exists by the way also for this particular forum, so it is not restricted to my installation.

Similar problems have been reported before in this forum, and it has been suggested that it has something to do with cookies, but to me it looks more like a cache problem. The point is that the local library network connects, as far as I am aware, over a proxy server to the internet, and it seems that pages are getting cached there that shouldn't be cached. I have therefore already additionally added a "Cache-Control: private" to the HTTP headers, but to no avail.

I personally could live with this behaviour, but I think for the unspecting user it is unacceptable, so any suggestions how to remedy this are appreciated (as otherwise I really like PunBB).

Other forums (e.g. phpBB) don't have this problem at all by the way, so this shows that it should be possible to make this properly work even in this particular case.


Thomas

  • Smartys
  • Former PunBB Developer
  • Offline
  • Registered: 2004-04-30
  • Posts: 7,844

Re: Wrong Redirect after Logout/Login

It sounds to me like a caching problem, as you said, although I think the real issue is with the proxy server doing the caching, not PunBB.
In any case, could you paste your header.php so we can see what changes you have tried so far?

  • Registered: 2007-08-20
  • Posts: 15

Re: Wrong Redirect after Logout/Login

I simply changed

header('Cache-Control: post-check=0, pre-check=0', false);

to

header('Cache-Control: private, post-check=0, pre-check=0', false);

in header.php.

I did not necessarily expect it to make any difference (and indeed it didn't) because normally one would expect the 'Expires' header used to prevent any caching regardless, but one can never be sure how some proxy servers are set up in this respect, and the missing 'private' directive was the only crucial difference when I compared the punBB header with that of other forums like phpBB (where the redirect problem does not occur).

Thomas

4 Reply by yemgi

  • yemgi
  • Senior Member
  • Offline
  • From: Crawley, West Sussex
  • Registered: 2007-04-10
  • Posts: 254

Re: Wrong Redirect after Logout/Login

could not <meta http-equiv="pragma" content="no-cache"> tell the proxy not to cache the page ?

Powered by FluxBB

yemgi's Website

5 Reply by Thomas2 (edited by Thomas2 2007-08-25 10:22)

  • Registered: 2007-08-20
  • Posts: 15

Re: Wrong Redirect after Logout/Login

yemgi wrote:

could not <meta http-equiv="pragma" content="no-cache"> tell the proxy not to cache the page ?

Hardly, as only a web browser could see the HTML meta tags in the first place.



But anyway, I resolved the issue now by making further changes to the headers in header.php. Using

header ('Expires: 0');
header('Cache-Control: private, post-check=0, pre-check=0, max-age=0');
header('Pragma: no-cache');   

instead of the original headers, the problem has disappeared now.
I don't know yet for certain which of the changes I made is the crucial one ( because I don't have FTP access in the library, I have to make the changes at home, and then go to the library to check out the results), but I suppose it is the dropped Last-Modified header, as now there is no way to validate the page and thus no reason for the proxy server to store it in the first place (all other boards I checked out (e.g. phpBB) don't issue a Last-Modified header either by the way).

Thomas

  • Registered: 2007-08-20
  • Posts: 15

Re: Wrong Redirect after Logout/Login

Thomas2 wrote:

But anyway, I resolved the issue now by making further changes to the headers in header.php. Using

header ('Expires: 0');
header('Cache-Control: private, post-check=0, pre-check=0, max-age=0');
header('Pragma: no-cache');   

instead of the original headers, the problem has disappeared now.
I don't know yet for certain which of the changes I made is the crucial one ( because I don't have FTP access in the library, I have to make the changes at home, and then go to the library to check out the results), but I suppose it is the dropped Last-Modified header, as now there is no way to validate the page and thus no reason for the proxy server to store it in the first place (all other boards I checked out (e.g. phpBB) don't issue a Last-Modified header either by the way).

Thomas

Just an update on this: further tests by me have shown now that it was indeed the Last-Modified header that was responsible for the cache problem. Dropping it makes everything behave as it should.

Thomas

7 Reply by Paul

  • Paul
  • Senior Member
  • Offline
  • From: Wales, UK.
  • Registered: 2003-08-13
  • Posts: 3,089

Re: Wrong Redirect after Logout/Login

Thanks for the update. Useful information.