Nikolay Kostov Telerik Corporation
- HTTP headers
- Output buffer control
- Browser cache
- Redirecting the browser
Each HTTP request and response consists of headers and a body
- Headers describe the transferred data
  - Type
  - Length
  - Encoding
  - Etc.
- PHP can modify the response headers
  - header function
header($header, $replace, $response_code)
- Adds or modifies an HTTP header of the response
- $header is a string in the following form: Name: Value
- $replace sets whether to replace an existing similar header with the same name or add it
- $response_code sets the HTTP response code (e.g. 302, 404, etc.)
Redirect the Web browser

    header("Location: " . $url);  // $url is a placeholder for the redirect target

Set multiple headers with one name
- Example: force browser to require HTTP authentication

    header("WWW-Authenticate: Negotiate");
    header('WWW-Authenticate: Basic realm="Secure Area"', false);

Example: page inaccessible

    // The status line starts with the protocol version the request used
    header($_SERVER['SERVER_PROTOCOL'] . " 404 Not Found");
    // or maybe
    header($_SERVER['SERVER_PROTOCOL'] . " 403 Forbidden");
Example:
- Page receives GET parameter "down" that is some MP3 file ID in a directory (MP3DIR constant)
- This script will either send a 404 error on request or return the MP3 file for download

    // Accept only letters, digits, "_" and "-" in the ID (assumed ID format), so it
    // cannot carry "../" into the path or CR/LF into the filename header
    $id = $_GET['down'] ?? '';
    if (!is_string($id) || !preg_match('/^[A-Za-z0-9_-]+$/', $id))
        $id = '';  // rejected IDs fall through to the 404 branch
    $file = MP3DIR.$id.".mp3";
    if ($id === '' || !file_exists($file))
        header($_SERVER['SERVER_PROTOCOL']." 404 Not Found", true, 404);
    else {
        header('Content-Type: audio/x-mp3');
        header('Content-Length: '.filesize($file));
        header('Content-Disposition: attachment; '.
            'filename="'.$id.'.mp3"');
        echo file_get_contents($file);
    }
Browsers cache resources downloaded over the network
- On the next request they use the headers to detect whether they should re-download or reuse the cached resource
Resources carry a set of headers to control browser caching
- Expires header, Last-Modified, If-Modified-Since header
- ETag, If-None-Match
- Cache-Control
HTTP Request Example:

    GET /index.html HTTP/1.0
    User-Agent: Mozilla/5.0
    From: something.somewhere.net
    Accept: text/html,text/plain,application/*
    Host:
    If-Modified-Since: Wed, 19 Oct :50:00 GMT

HTTP Response Example:

    HTTP/ Not Modified
    Date: Fri, 31 Dec :59:59 GMT
Server sends Last-Modified and Expires dates in the response for the resource
- Tells the browser how long the resource should be kept as the current version
- Both in GMT format
Browser sends If-Modified-Since header on each request with the date of the resource it has cached
- If the version is the latest, server replies with "304 Not Modified" HTTP code
ETag is a unique identifier for the resource and its version
- Sent by the server, stored by the browser
- Browser sends the ETag of the cached version on the next request
  - Sends the ETag in the If-None-Match header
- Newer approach
  - Most web servers send both Last-Modified and ETag headers
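The Last-Modified / If-Modified-Since and ETag / If-None-Match exchange described above, written out as a PHP script that answers with "Not Modified" when the browser's copy is current. This is an added example, not code from the original slides; the file path, the ETag scheme and the helper names format_http_date and client_copy_is_current are assumptions.

```php
<?php
// Added example. $path is a hypothetical file chosen by the script itself,
// never taken from request input.
$path = __DIR__ . '/static/site.css';

function format_http_date(int $ts): string {
    return gmdate('D, d M Y H:i:s', $ts) . ' GMT';   // dates are always GMT
}

// True when the validators the browser sent still match the current version.
function client_copy_is_current(array $server, string $etag, int $mtime): bool {
    // If-None-Match wins over If-Modified-Since when both are present.
    if (isset($server['HTTP_IF_NONE_MATCH'])) {
        foreach (explode(',', $server['HTTP_IF_NONE_MATCH']) as $tag) {
            $tag = preg_replace('/^W\//', '', trim($tag));   // weak comparison
            if ($tag === '*' || $tag === $etag) {
                return true;
            }
        }
        return false;
    }
    if (isset($server['HTTP_IF_MODIFIED_SINCE'])) {
        $since = strtotime($server['HTTP_IF_MODIFIED_SINCE']);
        return $since !== false && $mtime <= $since;
    }
    return false;
}

if (!is_file($path)) {
    http_response_code(404);
    exit;
}
$mtime = filemtime($path);
$size  = filesize($path);
// Version identifier built from modification time and size (one common scheme).
$etag = '"' . dechex($mtime) . '-' . dechex($size) . '"';

header('Last-Modified: ' . format_http_date($mtime));
header('ETag: ' . $etag);
header('Cache-Control: max-age=3600, must-revalidate');

if (client_copy_is_current($_SERVER, $etag, $mtime)) {
    http_response_code(304);   // Not Modified: headers only, no body
    exit;
}
header('Content-Type: text/css');
header('Content-Length: ' . $size);
readfile($path);
```

For responses that differ per logged-in user, add private to Cache-Control so shared caches do not keep one user's copy for another.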
Server can send a Cache-Control header that instructs the browser cache engine
- Value consists of comma-separated name=value pairs or only names
- max-age=seconds – sets maximum time that version should be considered fresh
- s-maxage=seconds – same as max-age but applies to proxies
- public – marks headers of response as cacheable
- no-cache – instructs revalidation to be required on next request
  - Usually performed as HEAD request
- no-store – instructs not to store version of the resource under any circumstances
- must-revalidate – tells cache engines they must obey any freshness information you give them
  - Some caches load older version under some circumstances
- proxy-revalidate – similar to must-revalidate but applies to proxies
Disable Browser Cache - Example

    header('Cache-Control: no-cache');
    header('Pragma: no-cache');
    header("Expires: 0");
The Web server (Apache) buffers the script output
- Sends it automatically if there is enough data to send (buffer is full)
Buffer can be controlled
- Multiple buffers can be defined and flushed, canceled or stored
- Allows reordering of the output data
  - Example – first run script that generates page body, then print head
  - Example – first print output, then send headers
Functions for buffer control are prefixed with ob_ in PHP
- ob_start ($callback, $chunk, $erase) – starts new buffer
  - After this function is called no output is sent to the browser, except headers
  - Output buffers are stackable
  - Can call second ob_start while another is active
All parameters are optional
- $callback is function name to call when buffer is flushed
  - This function can modify the data to be sent
  - Receives one parameter – the data in the buffer
  - Must return string – the data to be sent
- If $chunk is specified, buffer will flush if stored data reaches this size
  - Value of 0 means no automatic flush
  - Value of 1 sets $chunk to 4096
- $erase sets whether the buffer should not be deleted until script ends
- ob_flush – sends the buffer content and erases all stored data
  - Keeps the buffer active
- ob_end_flush – similar to ob_flush but destroys the buffer
- ob_implicit_flush ($mode) – sets implicit flush on or off
  - $mode is optional boolean, defaults to true
  - With implicit flush, all writing to the buffer is automatically sent
- ob_get_contents – returns the content of the current buffer as string
  - Doesn't clear or stop the buffer
- ob_get_clean – returns the buffer content and deletes it
- ob_get_flush – returns the buffer content, flushes it and deletes it
- ob_clean – erases the data in the output buffer but does not delete the buffer
- ob_end_clean – cleans the output buffer data and deletes the buffer
- ob_end_flush – flushes the output buffer and deletes it
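The "first print output, then send headers" use of output buffers, as an added example that is not part of the original slides: the page body is rendered into a buffer, and if rendering fails the partial output is discarded with ob_end_clean so the script can still choose the status code and headers. The functions render_body and buffered_response and the sample user array are constructed for the illustration.

```php
<?php
// Hypothetical renderer; stands in for any code that echoes the page body.
function render_body(array $user): void {
    echo '<h1>Hello, ' . htmlspecialchars($user['name'], ENT_QUOTES, 'UTF-8') . '</h1>';
    if (!isset($user['orders'])) {
        throw new RuntimeException('orders backend unavailable');
    }
    echo '<p>' . count($user['orders']) . ' orders</p>';
}

// Runs $render inside its own buffer and returns [status code, body].
function buffered_response(callable $render): array {
    $level = ob_get_level();          // buffers already open (they are stackable)
    ob_start();
    try {
        $render();
        return [200, ob_get_clean()];  // take the content and delete the buffer
    } catch (Throwable $e) {
        // Throw away everything echoed so far, including nested buffers the
        // renderer opened, so no half-built page reaches the browser.
        while (ob_get_level() > $level) {
            ob_end_clean();
        }
        error_log($e->getMessage());   // details go to the log, not the response
        return [500, '<h1>Something went wrong</h1>'];
    }
}

[$status, $body] = buffered_response(function () {
    // Constructed input without an 'orders' key, so the renderer fails midway.
    render_body(['name' => 'Ann <admin>']);
});

// Nothing has been sent yet, so status and headers can still be set.
http_response_code($status);
header('Content-Type: text/html; charset=UTF-8');
header('Cache-Control: no-store');     // personal page: keep it out of caches
header('Content-Length: ' . strlen($body));
echo $body;
```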
Questions?
Exercises
Create pages login.php and main.php and implement the following logic:
- The login.php displays login form (username/password)
- If successfully authenticated, the user is redirected to the main.php
- Otherwise an error message is shown and the login form is displayed again
- If main.php is requested and the user is not logged in, it redirects to login.php
- Implement also "Logout" functionality