added documentation on how we fixed this problem
[squirrelmail.git] / doc / ie_ssl.txt
b8676cf7 1Internet Explorer and SSL
2Luke Ehresman <>
5I've just spent the last few days trying to track down the now famous bug
6with IE and SSL. The problem lies in the fact that PHP sends some no-cache
7headers whenever a session is started. IE chokes when trying to download a
8file that it can't cache over SSL. We use session management to store many
9things, one being the key to decypher the password.
11Once we had figured out that it was sessions in PHP that was causing the
12problem, we tried turning the session management off in the download script
13in Squirrelmail. This introduced another problem for us because we NEEDED
14sessions to decypher the key so we could log into the IMAP server and
15download the attachment.
17Next we tried leaving the sessions turned off, but passed the key in through
18a GET parameter. This worked, but is obviously not a very secure way of
19handling things.
21Our quest continued for a good solution. Finally, I was browsing through
22the source of PHP, I noticed the 2 headers it was sending were "Pragma" and
23"Cache-Control". I had the crazy idea of defining these again after the
24session had been started, and lo and behold, it worked! Below is the code
25that made this work:
27 session_start()
28 header("Pragma: ");
29 header("Cache-Control: cache");
31With all the testing I have done, this works, and works very well for all