I have encountered a strange problem when straming binary data over SSL using PHP (php 4 as apache module). The user is able to surf SSL pages (html, inline images, assets like styles) which get delivered and isplayed correctly.
However, in some places i need to check authentity of the user before streaming data. This means, that the script itself will have to read the file and srteam it out to the client.
In this case, php will add some headers which will prevent IE 5+ to read the data (for wahtever reason).
the following headers will tell IE to not cache the data (which is a good idea on dynamicly created content). IE will also prevent saving data to the local hard drive (however):
Cache-Control:no-store, no-cache,must-revalidate, post-check=0, pre-check=0Pragma: no-cache
the no-cache and no-store must be overriden with a header() function to make the document storable in IE.
This is what i came up with after some fiddling:
HEADER('Expires: '.date("r", time()-60*60*4));
HEADER("Etag: \"" . md5(implode("", file($location))).'"');
HEADER('Content-length: ' .filesize($location));
HEADER('Content-disposition: attachment; filename="'.$file.'"');
HEADER("Cache-Control: must-revalidate, post-check=0,pre-check=0");
The ETag part seems to be important for some IE Versions. this is just an md5 sum of the file. Note, the md5 sum must be enclosed in quotes.
Tags: SSL certificates Security Computers