Search the Community

Securing my upload folder “upl” The upl folder is used to store anything that is uploaded by the user for their needs that is not a part of the back end, as such all content in this folder is subject to being locked down and and supplied after checking credentials. The upl folder has an .htaccess file that locks down all remote access. order deny,allow deny from all When something is needed from this directory we jump that wall with the help of apache after credentials are verified. I think this is straight forward so far. For images something like; <img src=”downloader.php?app=1&id=20&type=thumb”> For files something like; <a href=”downloader.php?app=1&id=20&type=file&fileid=1212”> After we check creds, we use similar to below to get data from that locked down folder. $size = filesize($file); header ( 'Content-Description: File Transfer' ); header("Content-Type: application/force-download"); header ( 'Content-Type: application/octet-stream' ); header ( "Content-Disposition: attachment; filename=\"".basename($file)."\""); header ( 'Expires: 0' ); header ( 'Cache-Control: must-revalidate' ); header ( 'Pragma: public' ); header ( 'Content-Length: ' . filesize ( $file ) ); ob_clean(); flush(); readfile ( $file ); exit(); seems to work pretty swimmingly for the most part. My problem is (or at lease a mild nuisance) is that it seems that these images loaded in this manner are not subject to the cache system of a browser? It looks like they reload every time a page is visited. Is there a way around this?