added documentation on how we fixed this problem

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@963 7612ce4b-ef26-0410-bec9-ea0150e637f0

diff --git a/doc/ie_ssl.txt b/doc/ie_ssl.txt
new file mode 100644 (file)
index 0000000..2ce5e6f
--- /dev/null
+++ b/doc/ie_ssl.txt
@@ -0,0 +1,32 @@
+Internet Explorer and SSL
+Luke Ehresman <luke@squirrelmail.org>
+=====================================
+
+I've just spent the last few days trying to track down the now famous bug
+with IE and SSL.  The problem lies in the fact that PHP sends some no-cache
+headers whenever a session is started.  IE chokes when trying to download a
+file that it can't cache over SSL.  We use session management to store many
+things, one being the key to decypher the password.
+
+Once we had figured out that it was sessions in PHP that was causing the
+problem, we tried turning the session management off in the download script
+in Squirrelmail.  This introduced another problem for us because we NEEDED
+sessions to decypher the key so we could log into the IMAP server and
+download the attachment.
+
+Next we tried leaving the sessions turned off, but passed the key in through
+a GET parameter.  This worked, but is obviously not a very secure way of
+handling things.
+
+Our quest continued for a good solution.  Finally, I was browsing through
+the source of PHP, I noticed the 2 headers it was sending were "Pragma" and
+"Cache-Control".  I had the crazy idea of defining these again after the
+session had been started, and lo and behold, it worked!  Below is the code
+that made this work:
+
+     session_start()
+        header("Pragma: ");
+        header("Cache-Control: cache");
+
+With all the testing I have done, this works, and works very well for all
+browsers.