search

chemlv / cool-php-captcha

Automatically exported from code.google.com/p/cool-php-captcha
GNU General Public License v3.0
0 stars 0 forks source link

caching problem #7

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
next bug is in example-form.php
line 76 and followers: <img src="captcha.php" id="captcha" />

if example-form.php ... uses headers to force cache:
- Expires in future
- or Expires to current time
- or Cache-Control WITHOUT must-revalidate, post-check=0, pre-check=0
- or Pragma private or public

so when open example-form.php -> submit form -> i.e. to send-form.php and there 
will found error in user data so show error and link with javascript 
window.history.go(-1) ... or user self go back in browser

>> user will get back to example-form.php BUT this page WILL NOT BEEN 
REQUESTED, BECAUSE IS CACHED and you get page with data that he writes 
before... that OK

>> bug is in next step... WHEN USER SUBMIT FROM AGAIN... 
-> captcha will be always SAME and always VALID becaus... cached page didn't 
change captcha
-> captcha fails every time because... first execution of sent-form.php clear 
previous captcha

solution exists request captcha.php by javascript:
script('type="text/javascript"'); 
  var captchaAction = null;
  function captcha() {
   captchaDate = new Date;
   if (captchaAction == null || captchaAction + 1000 < captchaDate.getTime()) {
    // request new captcha code and ban old one
    document.getElementById('captcha').src='captcha.php?'+Math.random();
   }
   captchaAction = captchaDate.getTime();
   setTimeout('captcha()', 250);
  }
  timerID = setTimeout('captcha()', 250); <?php
 </script>;

Original issue reported on code.google.com by svecp...@gmail.com on 31 Aug 2010 at 5:47

GoogleCodeExporter commented 9 years ago 
I am a user of cool-php-captcha and i am aware of caching problem as well. But 
I don't understand how to apply your fix, can you please clearify it a bit?

Original comment by hsa2%dif...@gtempaccount.com on 3 Feb 2011 at 7:14

GoogleCodeExporter commented 9 years ago 
Simply adding headers to avoid cache. For example, you can put this at the 
beginning of the script:

header("Expires: Tue, 03 Jul 2001 06:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

Original comment by joserodr...@gmail.com on 7 Feb 2011 at 4:01

GoogleCodeExporter commented 9 years ago 
It works with firefox but google chrome doesn't seem to care about expiration?

Original comment by hsa2%dif...@gtempaccount.com on 8 Feb 2011 at 2:36

GoogleCodeExporter commented 9 years ago 
Actually there is a bug report for chrome:
http://code.google.com/p/chromium/issues/detail?id=28035

Original comment by hsa2%dif...@gtempaccount.com on 8 Feb 2011 at 2:47

GoogleCodeExporter commented 9 years ago 
I think, the best for this would be, so you guys generate just different 
filenames, like:

/captcha_32112313.png, so it include the timestamp or smth like this.
then you won't need to bother about those expirations in different browsers, 
because it's insane!

and later make a rewrite rule, so it rewrites everything from captcha_*****.png 
to captcha.php

Good luck!

Original comment by hugles...@gmail.com on 12 Oct 2011 at 7:26