CODEWITHSUNDEEP
phpjavascriptbrowsercaching
FinalDestiny
FinalDestiny

Reputation: 23

How to remove the browser cache?

I have one image website where users can vote images. IMAGES ARE RANDOMLY GENERATED ON FIRST PAGE! Once they vote they're redirected using window.location to the image details page. If they click back they will see the same image...from the browser cache..and they can vote it unlimited times....

How to I remove the cache? I want the first page to refresh when I click back button! I already used : 

<meta http-equiv="Pragma" content="no-cache">
    <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
    <META HTTP-EQUIV="Expires" CONTENT="-1">

and 

<input type="hidden" id="refreshed" value="no">
<script type="text/javascript">
    onload=function(){
        var e=document.getElementById("refreshed");
        if(e.value=="no")e.value="yes";
        else{e.value="no";location.reload();}
        }
</script>

thanks !!!!!

Upvotes: 0

Views: 1546

Answers (4)

TravisO
TravisO

Reputation: 9540

You need to feed the image to the user dynamically instead of pointing to a file in a directory. So you have an 

image.php?id=1234

inside image.php you pretty much just open the image, uudecode it, and print it to the browser. Since the image is retrieved programatically you can simply block it or force a new image on them. If you don't want users to retrieve a specific image and want to always serve a random image, then don't use IDs at all in the url and simply serve up a random image file.

It also helps to stick in useless random data in the url, in this case generating a UUID would be a good idea. So even if you go with a solution that just does then do something like 

print '<img src="'. $image .'?'. uniqid() .'">';

It's no silver bullet, but it's another trick that prevents image caching.

Upvotes: 0

azazul
azazul

Reputation: 1215

And what if the "hacker" has disabled JS ?

I would recommend for you to do few other things:

  • limit the amount of image one can vote for per 24 hours
  • keep all the votes in DB for 24 hours
  • give registered users higer max-votes limit

Upvotes: 0

Josh Stodola
Josh Stodola

Reputation: 82483

Using location.replace("URL_HERE"); instead of location.href = "URL_HERE"; will prevent the redirect from creating a new entry in the user's history. But I still think Anon's answer is absolutely correct.

Upvotes: 0

Anon.
Anon.

Reputation: 59963

You don't want to use client-side checking to prevent users voting multiple times. That's just silly.

You want to check on the server whether a user has already voted for that image, and if so, direct them to some "Oops you've already voted for that" page and don't count the vote.

Upvotes: 7

Related Questions