Do not cache pages that shows attributes (Contributor: Thomas Graff)

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1142 44740490-163a-0410-bde0-09ae8108e29a

Do not cache pages that shows attributes (Contributor: Thomas Graff)
803cd3c5 · Andreas Åkre Solberg · ed064c1d · 803cd3c5 · 803cd3c5
Commit 803cd3c5 authored 16 years ago by Andreas Åkre Solberg
--- a/modules/consent/www/getconsent.php
+++ b/modules/consent/www/getconsent.php
@@ -8,6 +8,16 @@
 * @version $Id$
 */

+/*
+ * Explisit instruct consent page to send no-cache header to browsers 
+ * to make sure user attribute information is not store on client disk.
+ * 
+ * In an vanilla apache-php installation is the php variables set to:
+ * session.cache_limiter = nocache
+ * so this is just to make sure.
+ */
+session_cache_limiter('nocache');
+
 SimpleSAML_Logger::info('Consent - getconsent: Accessing consent interface');

 if (!array_key_exists('StateId', $_REQUEST)) {
@@ -133,8 +143,6 @@ if (array_key_exists('consent:store', $state)) {
 	$t->data['usestorage'] = FALSE;
 }

-
-
 $t->show();
 exit;


--- a/www/example-simple/saml2-example.php
+++ b/www/example-simple/saml2-example.php
@@ -6,6 +6,17 @@
 */
 require_once('../_include.php');

+/*
+ * Explisit instruct consent page to send no-cache header to browsers 
+ * to make sure user attribute information is not store on client disk.
+ * 
+ * In an vanilla apache-php installation is the php variables set to:
+ * session.cache_limiter = nocache
+ * so this is just to make sure.
+ */
+session_cache_limiter('nocache');
+
+
 /* Load simpleSAMLphp, configuration and metadata */
 $config = SimpleSAML_Configuration::getInstance();
 $session = SimpleSAML_Session::getInstance();