b8676cf7 |
1 | Internet Explorer and SSL |
2 | Luke Ehresman <luke@squirrelmail.org> |
3 | ===================================== |
4 | |
5 | I've just spent the last few days trying to track down the now famous bug |
6 | with IE and SSL. The problem lies in the fact that PHP sends some no-cache |
7 | headers whenever a session is started. IE chokes when trying to download a |
8 | file that it can't cache over SSL. We use session management to store many |
9 | things, one being the key to decypher the password. |
10 | |
11 | Once we had figured out that it was sessions in PHP that was causing the |
12 | problem, we tried turning the session management off in the download script |
13 | in Squirrelmail. This introduced another problem for us because we NEEDED |
14 | sessions to decypher the key so we could log into the IMAP server and |
15 | download the attachment. |
16 | |
17 | Next we tried leaving the sessions turned off, but passed the key in through |
18 | a GET parameter. This worked, but is obviously not a very secure way of |
19 | handling things. |
20 | |
21 | Our quest continued for a good solution. Finally, I was browsing through |
22 | the source of PHP, I noticed the 2 headers it was sending were "Pragma" and |
23 | "Cache-Control". I had the crazy idea of defining these again after the |
24 | session had been started, and lo and behold, it worked! Below is the code |
25 | that made this work: |
26 | |
27 | session_start() |
28 | header("Pragma: "); |
29 | header("Cache-Control: cache"); |
30 | |
31 | With all the testing I have done, this works, and works very well for all |
32 | browsers. |