From b8676cf78f79f9731e98d439cb70ec0c8354d3ec Mon Sep 17 00:00:00 2001 From: lkehresman Date: Thu, 18 Jan 2001 01:26:53 +0000 Subject: [PATCH 1/1] added documentation on how we fixed this problem git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@963 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- doc/ie_ssl.txt | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 doc/ie_ssl.txt diff --git a/doc/ie_ssl.txt b/doc/ie_ssl.txt new file mode 100644 index 00000000..2ce5e6f9 --- /dev/null +++ b/doc/ie_ssl.txt @@ -0,0 +1,32 @@ +Internet Explorer and SSL +Luke Ehresman +===================================== + +I've just spent the last few days trying to track down the now famous bug +with IE and SSL. The problem lies in the fact that PHP sends some no-cache +headers whenever a session is started. IE chokes when trying to download a +file that it can't cache over SSL. We use session management to store many +things, one being the key to decypher the password. + +Once we had figured out that it was sessions in PHP that was causing the +problem, we tried turning the session management off in the download script +in Squirrelmail. This introduced another problem for us because we NEEDED +sessions to decypher the key so we could log into the IMAP server and +download the attachment. + +Next we tried leaving the sessions turned off, but passed the key in through +a GET parameter. This worked, but is obviously not a very secure way of +handling things. + +Our quest continued for a good solution. Finally, I was browsing through +the source of PHP, I noticed the 2 headers it was sending were "Pragma" and +"Cache-Control". I had the crazy idea of defining these again after the +session had been started, and lo and behold, it worked! Below is the code +that made this work: + + session_start() + header("Pragma: "); + header("Cache-Control: cache"); + +With all the testing I have done, this works, and works very well for all +browsers. -- 2.25.1