I’ve noticed that with standard pages when you use the back button there doesn’t seem to be a difference between HTTP and HTTPS; it caches unless POST data is sent.
However, when you set a PHP session going over HTTP it’s pretty much the same as HTTP with no session. But on HTTPS when session_start() is called pages never cache.
It’s not particularly a problem as this is for a CMS but I just wondered:
-
Why this behaviour? It seems common across browsers, which I thought tend to cache HTTP and HTTPS the same nowadays.
-
Not that I need to at this stage but if using a session and HTTPS is it possible to make PHP cache pages?
-
Bit of a follow-on question but if you call session_start over HTTP, is the session valid over HTTPS and vice-versa? I’m finishing now and will test this out for myself in due course but feel free to answer.
Thanks.