Page 1 of 1

Tip: Salt HTTPS pages

PostPosted: July 28th, 2011, 8:49 pm
by PseudoNyhm
Another great plugin from these folks! Here's a tip (and recommendation for improvement):

I've found it useful to add the following to the MD5 Salt to separate HTTPS cached content from non-secure content: $_SERVER['HTTPS']

Without this, while browsing HTTPS, Quick Cache would provide a previously cached page, which was generated during an HTTP session. This results in http:// links instead of https:// as they should be if browsing HTTPS. Consequently, users would be exiting and entering HTTPS mode based on the cached version.

To avoid potential security issues related to this, I'd like to recommend that Quick Cache add a built-in feature to differentiate HTTPS from HTTP cached content.

Re: Tip: Salt HTTPS pages

PostPosted: September 16th, 2011, 8:39 am
by ksaynor
This didn't work for me... gave me the error "Quick Cache: Your MD5 Version Salt may contain syntax errors. Please check it and try again. Otherwise, if you are unable to correct the problem, your Salt will simply be ignored. Quick Cache will continue to function properly using its default setting."

Also tried with $_SERVER["SERVER_HOST"] same problem - my theory was that ["HTTPS"] is empty if a page is served via http...

Anyone else got any ideas for how to separate caching of http and https pages?

Re: Tip: Salt HTTPS pages

PostPosted: September 16th, 2011, 9:00 am
by PseudoNyhm
I can confirm that this works for me in Apache. Under HTTPS, the value is on. Under HTTP, the value is actually NULL (the value is unset), but does not seem to be a problem on Apache.

You may need to use a more complex tertiary construct (someone check my syntax):

Code: Select all
((isset($_SERVER['HTTPS']))) ? "on" : "off"


According to the documentation, the syntax error message implies you typed something wrong into the field, rather than the return value being invalid. Hope this helps.