Page caching-How do I disable the user's local browser cache in PHP?

Source: Internet
Author: User
Tags dedicated server asymmetric encryption

Environment: Some files within the enterprise, through Flexpaper online Browsing, the original Office files are converted to SWF format, and the company these files are only allow employees to browse online, not allowed to copy, print and propagate, if the local cache (temporary) folder contains this SWF file, You can take it and spread it directly (even if you can't control it completely, but if you don't cache this file in the IE Temp folder, you can achieve it to some extent)

I hope that the user local IE temporary folder can not cache the content of a page, find data is generally PHP header control, HTML meta control, and then I also tried, the results have not reached the effect, in IE corresponding to the local cache folder can still find the content of the page, Please help to point out, thank you

Reply content:

Environment: Some files within the enterprise, through Flexpaper online Browsing, the original Office files are converted to SWF format, and the company these files are only allow employees to browse online, not allowed to copy, print and propagate, if the local cache (temporary) folder contains this SWF file, You can take it and spread it directly (even if you can't control it completely, but if you don't cache this file in the IE Temp folder, you can achieve it to some extent)

I hope that the user local IE temporary folder can not cache the content of a page, find data is generally PHP header control, HTML meta control, and then I also tried, the results have not reached the effect, in IE corresponding to the local cache folder can still find the content of the page, Please help to point out, thank you

I can still find the contents of this page in the local cache folder of IE.

It is normal to find it in the cache folder.

As for your question, "How to disable user local cache", you can set the cache folder to read-only. Don't laugh, I'm serious.

You only looked at the header, why not look at the Status Code ah? If it is 304, it means not Modified, and the description is cached.

If it is cached, will it be found in the local cache folder? The answer is maybe.

The local cache is the browser's function and can be used without the need to pipe.

The purpose of disabling caching is that when you go to request a Web server, the server always gives the latest file to the browser without detecting whether the file has been updated. When he passes back to the browser, the browser IE puts the file (or part of it) locally and saves it.

Although this folder is called "Cache folder", in fact he is just "temporary folder".

Other browsers may not use "cache folders", such as using a small database system, such as SQLite.

In fact, the memory of the content on the hard disk, is a tradition, but also a philosophy.

The operating system also often puts some memory on the hard drive, "Microsoft" calls it "virtual memory".

Finally answer the author's question: How do I disable the local cache? No need.

I'm not going to disable it.

    1. Set to read-only
    2. In the IE settings should be able to disable
    3. Modify the Registration Form

According to the supplement, give my opinion:

In this environment, you need a program that requires client mates to modify the behavior of the browser, rather than simply developing it on the server side.

If you simply consider it, you can develop plugins for your browser to modify and constrain the browser's caching behavior. Then on the server side, it requires that only your plug-in is installed to provide the content. But this approach still has the risk of being caught by the HTTP packet. Inside the thief is difficult to prevent, do not think a certain degree of safety is enough.

I think the better solution is to simply abandon the Web application of the architecture, and use the client software to replace it. The content format also discards flash, but simply transmits a low-resolution image with a watermark. In the network transmission, asymmetric encryption is introduced. This way as long as the server's private key is not disclosed, can be said impregnable, no one will get the print quality of the original document.

But this still prevents screenshots, video, photography, or even simpler: human memory and other causes of data leakage. I don't explain these ways, just admit it.

Thank you for inviting me. It is true that the front-facing caching system, in vain to change the browser settings of all users, is indeed a ridiculous thing. But the matter is not without a flexible approach.

One detail is that HTTP requests with post data are generally not cached. The 9.5 post section of RFC 2616 resembles the following comment:

Responses to this method is not cacheable, unless the response includes appropriate Cache-control or Expires header field S. However, the 303 (see) response can is used to direct the user agent to retrieve a cacheable resource.

It is also easy to understand: Post is a lot of data, browser cache can not afford to retrieve.

In this way, the method is simple: The main page loads an empty frame, and submitting an AJAX request with post data loads the actual data. Those cache parameters on the server side can also be replicable.

But note: This is only in the general case, which makes the browser not retain these content for a long term . Does not mean that the browser must not cache these content, after all, the client's behavior is that you can not control. Especially for performance reasons, in a short period of time to do the cache, this as long as there is little likelihood of confrontation.

But, more importantly, I'd like to know why you're so deliberate against the browser's local cache.

Data confidentiality? But as long as the face of the browser environment, your transmission and web content is intercepted, copied, analyzed, polluted, as long as the user is willing to do nothing. (What you need is a dedicated server-client architecture)

Guaranteed timeliness? This does not have to disable the client's local cache at all.

I can't guess the purpose of your question. So I suggest you add your application environment, and the purpose you expect for your reference. Instead of killing a technical target.

NetEase Cloud classroom inside that get video file link in Firefox response headers content as follows:

I use IE browser play, in the local cache (temporary) folder does not find the corresponding video files, I guess it should be the server side did the processing

The essential requirement of this problem is to do document security in the browser, I know there are several ways:
1, the use of control in IE, you can control the Office document permissions, you can first look at the Ntko data.
2, converted to FALSH format, as if the control every time from the server to obtain a page of content, which greatly improves the difficulty of taking the file.

Say a related non-technical question:

Recording Screen software!

As long as it is a static resource, the browser will always be "staged" during the loading process. Or in other words, I can get your path by Firebug, or by looking at the source code, and the download is done. You want to control the browser cache ideas may need to change.

@adam may be a way of saying that. Similarly, the online document reader, the role of Flash is a player/reader, and for security reasons, Flash has a built-in decryption or called encoding algorithm. When reading a document, Flash accepts parameters, and the flash dynamically sends a request to the server to read the data, one page or several pages at a time, and the decoding is finally revealed. In this process, the user's browser caches only flash itself, no data.

Example: http://www.docin.com/p-562081174.html

The data He loaded is: http://docin.oss.aliyuncs.com/docin_562081174.docin

This data file is, of course, encrypted.

PS. Write in the end, my answer may irrelevant, you want to solve the problem on the existing thing. I have proposed another way of realization, the realization still has the cost.

It is not possible to disable the caching of SWF files in general browsers (IE, Chrome, Firefox, etc.) unless you develop a custom browser, or develop a new format to play with your particular plugin.

To achieve a confidential requirement, you can proceed in the following ways:

    • Streaming, like the major video sites, the content is actually on the server side, a paragraph sent to the browser side, only in memory, not on the hard disk. The cache file on the hard disk is just a SWF-formatted player (PLAYER.SWF)
    • Dynamically generated SWF file with PHP, the file embedded a unique identifier, binding the identity of the visitor (such as work number, intranet IP, login name), you cache it does not matter, if take out to do bad things, it can trace the source of the leak where
    • Shell each SWF (the shell is also a SWF developed by ActionScript), the shell is responsible for interacting with the server side via HTTP and obtaining the necessary authorizations to play back the Office documents. Authorization interaction with the server can allow viewers to participate (such as logging in with an account) or without requiring participation (such as verifying IP, which can only be played in the intranet). If someone takes it home, it fails when the server is requested to authorize it.
  • Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.