logged in users see parts of site as anonymous (not logged in) when mod_headers missing

try the latest dev; did more changes to the login cookie that gets set.

This is happening to me also, I have 1.18 released on 1/24/10

Same here..
Parts of pages, specifically these that were visited before logging in after log in show as if though I was a visitor.
Also, logging in from certain pages redirects to a weird url that tends to change from time to time. Sometimes it redirects to a blog page, and it will continue to do so.. then it will change and redirect to a different page (always same one), and then it will change and redirect to a page that do not exist (again, always same one) in which case, I get page does not exist after loggin in. (no longer can reproduce this problem)
Just curious.. should these settings be on:

Aggressive setting of the boost cookie
Set/Remove the boost cookie in the boost_init function.

and
Follow RFC2616 14.9.4

I am using the latest dev version.

X-Cache HIT from cache
X-Cache-Lookup HIT from cache:3128
Via 1.0 cache:3128 (squid/2.6.STABLE13)

This looks like squid is caching where it shouldn't be. Is squid setup correctly?

in my case there is no squid..

I'm just looking around and playing to see what I can spot... and definitely only the pages that were visited before logging in are the only ones that show as if though I was a visitor, if I visit them after logging in. Other pages show they way they should when logged in...
Also, If I refresh the page that shows the view a visitor would see, then it refreshes to the way it should look when logged in.
That's fine by me, but members might not think of that... If this page is for example a page that a member can edit, he/she will not see an edit tab on the page, unless they refresh it..

@Ela
Can I get very specific details like headers & URL's so I can have a better understanding of what's going on in your case?

I will email you my site url from your profile page :)

It's sent :)
Also .. noticed that the destination URL after loggin in get's fixed, changed after running cron.
I have applied a rule to change user log in destination to user account page, so that partially fixes the problem for me anyway... but if the destination was going to be a page that does not exist then a error of page does not exist would still appear, in addition to being redirected to the user account page.. I hope this makes sense.. :) (I can no longer reproduce this problem)

I have also experienced this phenomenon. Unfortunately I cannot exclude that other modules or sitewide changes might be responsible, which we have installed while upgrading the modules (eg. memcache and its session manager - just testing #585748).

edit: cannot reproduce anymore, everything seems fine now

subscribing

...definitely only the pages that were visited before logging in are the only ones that show as if though I was a visitor, if I visit them after logging in. Other pages show they way they should when logged in...
Also, If I refresh the page that shows the view a visitor would see, then it refreshes to the way it should look when logged in.

I can confirm after playing around a bit that this is the case. Each page that was visited before logging in shows as if though logged out if visited after logging in.
This causes a bit of confusion.. a user has to log in again in order to view the page as it should appear OR refresh the page.
Any update on this?

Under Boost advanced settings turn on Aggressive setting of the boost cookie. Let me know if this fixes your issue.
Also have a look at this
#197786: Some servers / browsers will cache pages even when header Cache-control: no-cache is set

Hi there :)
I do have "Aggressive setting of the boost cookie" turned on when experiencing this.. Any other possible settings?

turn it off, see if that changes anything. Otherwise look at this patch for core http://drupal.org/node/197786#comment-1794074

ok.. going to test changing the setting or the patch in an hour or so and will report back :)

Hi :)
Turning off the cookie setting did not work.. So I tried the patch.. did not work.. cleaned the browser cache, still the same. Then I tried turning on or off the cookie setting for boost with the patch.. same results, none of it worked.
Please let me know if you have any other tips.

Ela, after looking closer, your apache doesn't have mod_headers enabled. Each cached page has Cache-Control: max-age=1209600 (2 weeks) which is the drupal default for all non php objects going though apache (static html in this case). Enable/Install mod_headers on your server and you should be good to go!

Hi Mike,
Thank you for looking into this.
I'm sorry for my lack of knowledge.. could you point me in the right direction on how to do that?

... deleted

Try this in your httpd.conf file

LoadModule headers_module modules/mod_headers.so

Restart apache to let the changes take effect

Actually, could you test out these rules before you add in mod_headers to your httpd.conf file? Replace your FilesMatch section with this; its at the top of the boost rules.

  <FilesMatch "\.((html|xml|json)|((html|xml|json)\.gz))$">
    <IfModule mod_expires.c>
      ExpiresActive Off
    </IfModule>
    <IfModule mod_headers.c>
      Header set Expires "Sun, 19 Nov 1978 05:00:00 GMT"
      Header set Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
    </IfModule>
  </FilesMatch>

I contacted my host regarding the Install of mod_headers and they said that they have been applying these changes to servers but did not do it on mine yet. They should change it tonight. :)
I will also try the rules change you provided above and report back within an hour or so, this way we know if this works before the change is applied to the server.

I must be missing something.. I can not find FilesMatch section in the boost.rules.inc ... am I looking in the wrong place?
(((edit)))): I found FilesMatch string section in the boost.admin.inc towards the bottom of the file.. I'll wait for your instructions on how to proceed..

goes in you .htaccess file

Found it :) Sorry for the confusion.
I applied the change, but it did not make any difference when it comes to this issue :(
I will try additional things, if you want me to.
mod_headers should be there on the server tonight and I will as well report back on that :)

Ela, your browser is caching the pages for 2 weeks. You need to test this in a different browser or clear your browsers history. This means you will have intermittent reports of this still being broken for the next 2 weeks.

Hi.. I cleaned the history and in addition also went to pages that were not visited by me before, then logged on, went to same pages.. same issue.

Can you attach your .htaccess file? Looking at this you still have Cache-Control: max-age=1209600 set in your headers; ExpiresActive Off is supposed to clear that, yet it's not working.

Hi.
Thank you for your continuous effort to help in solving this!! :)
This is the code from my .htaccess before applying the change that you mentioned above. (I changed it back, since I did not see the difference after applying the change)

#
# Apache/PHP/Drupal settings:
#

# Protect files and directories from prying eyes.
<FilesMatch "\.(engine|inc|info|install|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl|svn-base)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template|all-wcprops|entries|format)$">
  Order allow,deny
</FilesMatch>

# Don't show directory listings for URLs which map to a directory.
Options -Indexes

# Follow symbolic links in this directory.
Options +FollowSymLinks

# Make Drupal handle any 404 errors.
ErrorDocument 404 /index.php

# Force simple error message for requests for non-existent favicon.ico.
<Files favicon.ico>
  # There is no end quote below, for compatibility with Apache 1.3.
  ErrorDocument 404 "The requested file favicon.ico was not found.
</Files>

# Set the default handler.
DirectoryIndex index.php

# Override PHP settings. More in sites/default/settings.php
# but the following cannot be changed at runtime.

# PHP 4, Apache 1.
<IfModule mod_php4.c>
  php_value magic_quotes_gpc                0
  php_value register_globals                0
  php_value session.auto_start              0
  php_value mbstring.http_input             pass
  php_value mbstring.http_output            pass
  php_value mbstring.encoding_translation   0
</IfModule>

# PHP 4, Apache 2.
<IfModule sapi_apache2.c>
  php_value magic_quotes_gpc                0
  php_value register_globals                0
  php_value session.auto_start              0
  php_value mbstring.http_input             pass
  php_value mbstring.http_output            pass
  php_value mbstring.encoding_translation   0
</IfModule>

# PHP 5, Apache 1 and 2.
<IfModule mod_php5.c>
  php_value magic_quotes_gpc                0
  php_value register_globals                0
  php_value session.auto_start              0
  php_value mbstring.http_input             pass
  php_value mbstring.http_output            pass
  php_value mbstring.encoding_translation   0
</IfModule>

# Requires mod_expires to be enabled.
<IfModule mod_expires.c>
  # Enable expirations.
  ExpiresActive On

  # Cache all files for 2 weeks after access (A).
  ExpiresDefault A1209600

  <FilesMatch \.php$>
    # Do not allow PHP scripts to be cached unless they explicitly send cache
    # headers themselves. Otherwise all scripts would have to overwrite the
    # headers set by mod_expires if they want another caching behavior. This may
    # fail if an error occurs early in the bootstrap process, and it may cause
    # problems if a non-Drupal PHP file is installed in a subdirectory.
    ExpiresActive Off
  </FilesMatch>
</IfModule>

# Various rewrite rules.
<IfModule mod_rewrite.c>
  RewriteEngine on

  # If your site can be accessed both with and without the 'www.' prefix, you
  # can use one of the following settings to redirect users to your preferred
  # URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
  #
  # To redirect all users to access the site WITH the 'www.' prefix,
  # (http://example.com/... will be redirected to http://www.example.com/...)
  # adapt and uncomment the following:
  #
  # To redirect all users to access the site WITHOUT the 'www.' prefix,
  # (http://www.example.com/... will be redirected to http://example.com/...)
  # uncomment and adapt the following:
  # RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
  # RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]

  # Modify the RewriteBase if you are using Drupal in a subdirectory or in a
  # VirtualDocumentRoot and the rewrite rules are not working properly.
  # For example if your site is at http://example.com/drupal uncomment and
  # modify the following line:
  # RewriteBase /drupal
  #
  # If your site is running in a VirtualDocumentRoot at http://example.com/,
  # uncomment the following line:
  # RewriteBase /
  RewriteCond %{HTTP_COOKIE} DRUPAL_UID
  RewriteCond %{REQUEST_URI} ^/user/login [OR]
  RewriteCond %{REQUEST_URI} ^/user/register [OR]
  RewriteCond %{REQUEST_URI} ^/user/password
  RewriteRule ^user/.* / [L,R=307]
  ### BOOST START ###
  AddDefaultCharset utf-8
  <FilesMatch "(\.html|\.html\.gz)$">
    <IfModule mod_headers.c>
      Header set Expires "Sun, 19 Nov 1978 05:00:00 GMT"
      Header set Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
    </IfModule>
  </FilesMatch>
  <IfModule mod_mime.c>
    AddCharset utf-8 .html
    AddCharset utf-8 .css
    AddCharset utf-8 .js
    AddEncoding gzip .gz
  </IfModule>
  <FilesMatch "(\.html|\.html\.gz)$">
    ForceType text/html
  </FilesMatch>
  <FilesMatch "(\.js|\.js\.gz)$">
    ForceType text/javascript
  </FilesMatch>
  <FilesMatch "(\.css|\.css\.gz)$">
    ForceType text/css
  </FilesMatch>

  # Gzip Cookie Test
  RewriteRule boost-gzip-cookie-test\.html  cache/perm/boost-gzip-cookie-test\.html\.gz [L,T=text/html]

  # GZIP - Cached css & js files
  RewriteCond %{HTTP_COOKIE} !(boost-gzip)
  RewriteCond %{HTTP:Accept-encoding} !gzip
  RewriteRule .* - [S=2]
  RewriteCond %{DOCUMENT_ROOT}/cache/perm/%{SERVER_NAME}%{REQUEST_URI}_\.css\.gz -s
  RewriteRule .* cache/perm/%{SERVER_NAME}%{REQUEST_URI}_\.css\.gz [L,QSA,T=text/css]
  RewriteCond %{DOCUMENT_ROOT}/cache/perm/%{SERVER_NAME}%{REQUEST_URI}_\.js\.gz -s
  RewriteRule .* cache/perm/%{SERVER_NAME}%{REQUEST_URI}_\.js\.gz [L,QSA,T=text/javascript]

  # NORMAL - Cached css & js files
  RewriteCond %{DOCUMENT_ROOT}/cache/perm/%{SERVER_NAME}%{REQUEST_URI}_\.css -s
  RewriteRule .* cache/perm/%{SERVER_NAME}%{REQUEST_URI}_\.css [L,QSA,T=text/css]
  RewriteCond %{DOCUMENT_ROOT}/cache/perm/%{SERVER_NAME}%{REQUEST_URI}_\.js -s
  RewriteRule .* cache/perm/%{SERVER_NAME}%{REQUEST_URI}_\.js [L,QSA,T=text/javascript]

  # Caching for anonymous users
  # Skip boost IF not get request OR uri has wrong dir OR cookie is set OR request came from this server OR https request
  RewriteCond %{REQUEST_METHOD} !^(GET|HEAD)$ [OR]
  RewriteCond %{REQUEST_URI} (^/(admin|cache|misc|modules|sites|system|openid|themes|node/add))|(/(comment/reply|edit|user|user/(login|password|register))$) [OR]
  RewriteCond %{HTTP_COOKIE} DRUPAL_UID [OR]
  RewriteCond %{REMOTE_ADDR} ^72\.27\.230\.226$ [OR]
  RewriteCond %{HTTP:Pragma} no-cache [OR]
  RewriteCond %{HTTP:Cache-Control} no-cache [OR]
  RewriteCond %{HTTPS} on
  RewriteRule .* - [S=3]

  # GZIP
  RewriteCond %{HTTP_COOKIE} !(boost-gzip)
  RewriteCond %{HTTP:Accept-encoding} !gzip
  RewriteRule .* - [S=1]
  RewriteCond %{DOCUMENT_ROOT}/cache/normal/%{SERVER_NAME}%{REQUEST_URI}_%{QUERY_STRING}\.html\.gz -s
  RewriteRule .* cache/normal/%{SERVER_NAME}%{REQUEST_URI}_%{QUERY_STRING}\.html\.gz [L,T=text/html]

  # NORMAL
  RewriteCond %{DOCUMENT_ROOT}/cache/normal/%{SERVER_NAME}%{REQUEST_URI}_%{QUERY_STRING}\.html -s
  RewriteRule .* cache/normal/%{SERVER_NAME}%{REQUEST_URI}_%{QUERY_STRING}\.html [L,T=text/html]

  ### BOOST END ###
  # Rewrite URLs of the form 'x' to the form 'index.php?q=x'.
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteCond %{REQUEST_URI} !=/favicon.ico
  RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
</IfModule>

# $Id: .htaccess,v 1.90.2.4 2009/12/07 12:00:40 goba Exp $

(edited to remove web address)

... I realized now that you wanted me to post the file with the settings applied.. Do you want me to apply them again and repost?

Yes, Apply them and repost; it should be what your server is currently using.

I'd encourage Ela to make absolutely sure this is a Boost problem. I'm seeing the same thing and had initially attributed it to Boost but now am convinced it's a block caching problem. I have a custom module I wrote that, despite having set its cache=BLOCK_NO_CACHE is still getting cached by the block cache. And I still see the problem with Boost disabled. Only disabling the block cache fixes it. So now I need to track down why Drupal's not honoring my block cache directives.

I'm on Pressflow 6.15, Cacherouter using APC, and Boost 1.18

OK.. Uploaded the following .htaccess file to the server:

#
# Apache/PHP/Drupal settings:
#

# Protect files and directories from prying eyes.
<FilesMatch "\.(engine|inc|info|install|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl|svn-base)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template|all-wcprops|entries|format)$">
  Order allow,deny
</FilesMatch>

# Don't show directory listings for URLs which map to a directory.
Options -Indexes

# Follow symbolic links in this directory.
Options +FollowSymLinks

# Make Drupal handle any 404 errors.
ErrorDocument 404 /index.php

# Force simple error message for requests for non-existent favicon.ico.
<Files favicon.ico>
  # There is no end quote below, for compatibility with Apache 1.3.
  ErrorDocument 404 "The requested file favicon.ico was not found.
</Files>

# Set the default handler.
DirectoryIndex index.php

# Override PHP settings. More in sites/default/settings.php
# but the following cannot be changed at runtime.

# PHP 4, Apache 1.
<IfModule mod_php4.c>
  php_value magic_quotes_gpc                0
  php_value register_globals                0
  php_value session.auto_start              0
  php_value mbstring.http_input             pass
  php_value mbstring.http_output            pass
  php_value mbstring.encoding_translation   0
</IfModule>

# PHP 4, Apache 2.
<IfModule sapi_apache2.c>
  php_value magic_quotes_gpc                0
  php_value register_globals                0
  php_value session.auto_start              0
  php_value mbstring.http_input             pass
  php_value mbstring.http_output            pass
  php_value mbstring.encoding_translation   0
</IfModule>

# PHP 5, Apache 1 and 2.
<IfModule mod_php5.c>
  php_value magic_quotes_gpc                0
  php_value register_globals                0
  php_value session.auto_start              0
  php_value mbstring.http_input             pass
  php_value mbstring.http_output            pass
  php_value mbstring.encoding_translation   0
</IfModule>

# Requires mod_expires to be enabled.
<IfModule mod_expires.c>
  # Enable expirations.
  ExpiresActive On

  # Cache all files for 2 weeks after access (A).
  ExpiresDefault A1209600

  <FilesMatch \.php$>
    # Do not allow PHP scripts to be cached unless they explicitly send cache
    # headers themselves. Otherwise all scripts would have to overwrite the
    # headers set by mod_expires if they want another caching behavior. This may
    # fail if an error occurs early in the bootstrap process, and it may cause
    # problems if a non-Drupal PHP file is installed in a subdirectory.
    ExpiresActive Off
  </FilesMatch>
</IfModule>

# Various rewrite rules.
<IfModule mod_rewrite.c>
  RewriteEngine on

  # If your site can be accessed both with and without the 'www.' prefix, you
  # can use one of the following settings to redirect users to your preferred
  # URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
  #
  # To redirect all users to access the site WITH the 'www.' prefix,
  # (http://example.com/... will be redirected to http://www.example.com/...)
  # adapt and uncomment the following:
  #
  # To redirect all users to access the site WITHOUT the 'www.' prefix,
  # (http://www.example.com/... will be redirected to http://example.com/...)
  # uncomment and adapt the following:
  # RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
  # RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]

  # Modify the RewriteBase if you are using Drupal in a subdirectory or in a
  # VirtualDocumentRoot and the rewrite rules are not working properly.
  # For example if your site is at http://example.com/drupal uncomment and
  # modify the following line:
  # RewriteBase /drupal
  #
  # If your site is running in a VirtualDocumentRoot at http://example.com/,
  # uncomment the following line:
  # RewriteBase /
  RewriteCond %{HTTP_COOKIE} DRUPAL_UID
  RewriteCond %{REQUEST_URI} ^/user/login [OR]
  RewriteCond %{REQUEST_URI} ^/user/register [OR]
  RewriteCond %{REQUEST_URI} ^/user/password
  RewriteRule ^user/.* / [L,R=307]
  ### BOOST START ###
  AddDefaultCharset utf-8
<FilesMatch "\.((html|xml|json)|((html|xml|json)\.gz))$">
    <IfModule mod_expires.c>
      ExpiresActive Off
    </IfModule>
    <IfModule mod_headers.c>
      Header set Expires "Sun, 19 Nov 1978 05:00:00 GMT"
      Header set Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
    </IfModule>
  </FilesMatch>
  <IfModule mod_mime.c>
    AddCharset utf-8 .html
    AddCharset utf-8 .css
    AddCharset utf-8 .js
    AddEncoding gzip .gz
  </IfModule>
  <FilesMatch "(\.html|\.html\.gz)$">
    ForceType text/html
  </FilesMatch>
  <FilesMatch "(\.js|\.js\.gz)$">
    ForceType text/javascript
  </FilesMatch>
  <FilesMatch "(\.css|\.css\.gz)$">
    ForceType text/css
  </FilesMatch>

  # Gzip Cookie Test
  RewriteRule boost-gzip-cookie-test\.html  cache/perm/boost-gzip-cookie-test\.html\.gz [L,T=text/html]

  # GZIP - Cached css & js files
  RewriteCond %{HTTP_COOKIE} !(boost-gzip)
  RewriteCond %{HTTP:Accept-encoding} !gzip
  RewriteRule .* - [S=2]
  RewriteCond %{DOCUMENT_ROOT}/cache/perm/%{SERVER_NAME}%{REQUEST_URI}_\.css\.gz -s
  RewriteRule .* cache/perm/%{SERVER_NAME}%{REQUEST_URI}_\.css\.gz [L,QSA,T=text/css]
  RewriteCond %{DOCUMENT_ROOT}/cache/perm/%{SERVER_NAME}%{REQUEST_URI}_\.js\.gz -s
  RewriteRule .* cache/perm/%{SERVER_NAME}%{REQUEST_URI}_\.js\.gz [L,QSA,T=text/javascript]

  # NORMAL - Cached css & js files
  RewriteCond %{DOCUMENT_ROOT}/cache/perm/%{SERVER_NAME}%{REQUEST_URI}_\.css -s
  RewriteRule .* cache/perm/%{SERVER_NAME}%{REQUEST_URI}_\.css [L,QSA,T=text/css]
  RewriteCond %{DOCUMENT_ROOT}/cache/perm/%{SERVER_NAME}%{REQUEST_URI}_\.js -s
  RewriteRule .* cache/perm/%{SERVER_NAME}%{REQUEST_URI}_\.js [L,QSA,T=text/javascript]

  # Caching for anonymous users
  # Skip boost IF not get request OR uri has wrong dir OR cookie is set OR request came from this server OR https request
  RewriteCond %{REQUEST_METHOD} !^(GET|HEAD)$ [OR]
  RewriteCond %{REQUEST_URI} (^/(admin|cache|misc|modules|sites|system|openid|themes|node/add))|(/(comment/reply|edit|user|user/(login|password|register))$) [OR]
  RewriteCond %{HTTP_COOKIE} DRUPAL_UID [OR]
  RewriteCond %{REMOTE_ADDR} ^72\.27\.230\.226$ [OR]
  RewriteCond %{HTTP:Pragma} no-cache [OR]
  RewriteCond %{HTTP:Cache-Control} no-cache [OR]
  RewriteCond %{HTTPS} on
  RewriteRule .* - [S=3]

  # GZIP
  RewriteCond %{HTTP_COOKIE} !(boost-gzip)
  RewriteCond %{HTTP:Accept-encoding} !gzip
  RewriteRule .* - [S=1]
  RewriteCond %{DOCUMENT_ROOT}/cache/normal/%{SERVER_NAME}%{REQUEST_URI}_%{QUERY_STRING}\.html\.gz -s
  RewriteRule .* cache/normal/%{SERVER_NAME}%{REQUEST_URI}_%{QUERY_STRING}\.html\.gz [L,T=text/html]

  # NORMAL
  RewriteCond %{DOCUMENT_ROOT}/cache/normal/%{SERVER_NAME}%{REQUEST_URI}_%{QUERY_STRING}\.html -s
  RewriteRule .* cache/normal/%{SERVER_NAME}%{REQUEST_URI}_%{QUERY_STRING}\.html [L,T=text/html]

  ### BOOST END ###
  # Rewrite URLs of the form 'x' to the form 'index.php?q=x'.
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteCond %{REQUEST_URI} !=/favicon.ico
  RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
</IfModule>

# $Id: .htaccess,v 1.90.2.4 2009/12/07 12:00:40 goba Exp $

@azinck
I'm not absolutely sure, we are trying to figure this out..
I am using blockcache_alter module, Mike do you think they might conflict in any way?

Ela,
New htaccess settings appear to be working. Test for the bug, it should be gone.

Hi Mike..
I deleted history, cookies, cache etc on IE, went back to the site, went to few pages, logged in, went again to same pages and they again look as if though I was not logged in. So, on my end it does not seem like the problem is gone..
If you'd like to log in to test it, that would be great.

Try this in your htaccess file; Key point is to add in FileETag None

  ### BOOST START ###
  AddDefaultCharset utf-8
  FileETag None
  <FilesMatch "\.((html|xml|json)|((html|xml|json)\.gz))$">
    <IfModule mod_expires.c>
      ExpiresActive Off
    </IfModule>
    <IfModule mod_headers.c>
      Header set Expires "Sun, 19 Nov 1978 05:00:00 GMT"
      Header set Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
    </IfModule>
  </FilesMatch>

If the above doesn't work try this

  ### BOOST START ###
  AddDefaultCharset utf-8
  FileETag None
  <FilesMatch "\.((html|xml|json)|((html|xml|json)\.gz))$">
    <IfModule mod_expires.c>
      ExpiresDefault A1
    </IfModule>
    <IfModule mod_headers.c>
      Header set Expires "Sun, 19 Nov 1978 05:00:00 GMT"
      Header set Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
    </IfModule>
  </FilesMatch>

This as well

  ### BOOST START ###
  AddDefaultCharset utf-8
  FileETag MTime Size
  <FilesMatch "\.((html|xml|json)|((html|xml|json)\.gz))$">
    <IfModule mod_expires.c>
      ExpiresDefault A1
    </IfModule>
    <IfModule mod_headers.c>
      Header set Expires "Sun, 19 Nov 1978 05:00:00 GMT"
      Header set Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
    </IfModule>
  </FilesMatch>

Hi Mike .. I applied the new settings.. cleaned the history, etc, got to the site, went through few pages, logged in.. same thing if visiting the pages that visited before logging in.. all other pages are fine, as long as I did not visit them before logging in..
((((((EDIT))))))) Did not see the post right above.. will try the other settings as well and report back

WOW!!! hehe :)
The setting

  ### BOOST START ###
  AddDefaultCharset utf-8
  FileETag None
  <FilesMatch "\.((html|xml|json)|((html|xml|json)\.gz))$">
    <IfModule mod_expires.c>
      ExpiresDefault A1
    </IfModule>
    <IfModule mod_headers.c>
      Header set Expires "Sun, 19 Nov 1978 05:00:00 GMT"
      Header set Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
    </IfModule>
  </FilesMatch>

WORKS!!
YEY!! :)
Do you still want me to test the last code or leave as is since this one works?
Ah.. this is great news!

Hi again.. Additional couple of questions.....
Once the mod_headers are installed on the server.. will it have any difference?
.. and Do I keep this setting to apply in the future for the htaccess file once let's say there is a new version of boost and htaccess needs to be updated?

I'll be putting this into the rules, as this is the fix. So when boost 1.19 comes out, you should be safe even if mod_headers isn't there.

    <IfModule mod_expires.c>
      ExpiresDefault A1
    </IfModule>

Great.. Thank You so much!! I am so happy that you were able to figure this out!!! WOW! :)

can someone point me in the direction of Drupal 101 or Drupal for DUMMIES? lol

just had this dumped in my lap.
have no idea how to put it together but this forum seems to be addressing my biggest current issue!

looking forward to being part of this community!
thanks for what everyone has done in developing this product.

can't wait to learn how it works!

Serious_1

@Serious_1
How did you put in the boost .htaccess rules before? Do the same thing but replace the filesmatch part with this

  <FilesMatch "\.((html|xml|json)|((html|xml|json)\.gz))$">
    <IfModule mod_expires.c>
      ExpiresDefault A1
    </IfModule>
    <IfModule mod_headers.c>
      Header set Expires "Sun, 19 Nov 1978 05:00:00 GMT"
      Header set Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
    </IfModule>
  </FilesMatch>

@Serious_1
First question is are you using the boost module?
Go to admin/build/modules on your site and see if it's checked, or even listed. If not this your barking up the wrong tree.
If you are in fact using Boost and you don't know about the .htaccess files (which is in the same directory as index.php) then you probably need to pay someone to help you. That someone will not be me, too busy to help.
You can probably find what your looking for in here
http://drupal.org/forum

Thank You!

committed
also did some minor changes as well.
http://drupal.org/cvs?commit=342406

Hi there,

I'm re-opening this thread because I'm having a similar but not identical issue on a drupal website. The difference is that I have mod_headers enabled .
So I run a drupal 6 locally on MAMP. I am using boost 6.x-1.x-dev.

I hope someone will be able to advise. Please ask for specific details if you need any.

Thank you in advance

Has anybody experienced the same issue ?

Does anybody know what I could have set up wrong ?

happens if boost is disabled as well with core
#197786: Some servers / browsers will cache pages even when header Cache-control: no-cache is set
Here's the patch
http://drupal.org/node/197786#comment-1565612

Using firefox right?

Hi,

Thanks for replying :) I tried the patch but it did not help. I'm still having the same problem.

Here is a list of modules I use for login, maybe there is a compatibility issue somewhere
login destination
login toboggan

FYI: it happens with safari, firefox and chrome

Thanks

Get firecookie
https://addons.mozilla.org/en-US/firefox/addon/6683/

Let me know if the DRUPAL_UID cookie is set when this error happens.

You can also try tweaking the "Aggressive setting of the boost cookie" Setting

OK,

I got it to work by disabling the "Aggressive setting of the boost cookie" Setting and setting the document root to its value.

Thanks so much mikeytown2. Boost is what I needed, stoked.

Sadly, my host don't have mod_headers installed, so is there any chance that 6.x-1.19 will be released any time soon? The latest official release (6.x-1.18) is now close to one year old, from 2010-Jan-25...

In the meantime, is it safe to use the dev version on a production server, or will it crash? 8o)

it's fairly safe; I use it at work for some large websites.

Thanks, I have put it online now, and it has Boosted the web site a lot, Yslow times:
Before Boost - around 0.9 seconds, sometimes more
With Boost - around 0.3 seconds, every time!

I think the Yslow program itself also takes up resources, if I try browsing the site with a plain vanilla browser like Konqueror, the pages show up instantly. What an amazing module 8o)

I'm also experiencing this issue. I am on the latest dev, with mod_headers installed and I've tried it with Aggressive Cookies on and off. It seems more prominent in IE8 than Firefox/Chrome but I can't be sure.

Log in, browse to some pages, continue browsing and then you'll appear to be logged out. Continue browsing and you'll stay logged out until (it seems) that when you go to a page that previously worked, it will work. Hard refreshing on the pages that appear to log you out "fixes" the issue.

EDIT: With Core caching set to Normal and Boost caching set to Core & Boost I cannot cause the error. Weird... will report back

@interestingaftermath
Would you mind testing out this core patch?

#197786: Some servers / browsers will cache pages even when header Cache-control: no-cache is set
Here's the patch in the big issue queue: #86.

Subscribe.

Actually, adding these lines from comment #40 to Apache's configuration files seems to have done the trick:

FileETag None


ExpiresDefault A1


Header set Expires "Sun, 19 Nov 1978 05:00:00 GMT"
Header set Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"

Not sure if it's related, but I should mention that I've had the patch from this comment applied for a while, but that alone didn't seem to help.

Subscribing

I'm suffering the same problem...don't know why but "ExpiresDefault A1" didn't save me. I'm not using dev version, is it the reason?

@hanamizuki, please test the dev version and regenerate the .htaccess rules.

Can anyone else confirm whether this issue is fixed or not in dev?

Thanks

#39 worked for me.I am using boost v.6x-1.18.
Thanks you so much @mikeyTown2

### BOOST START ###
AddDefaultCharset utf-8
FileETag None


ExpiresActive Off


Header set Expires "Sun, 19 Nov 1978 05:00:00 GMT"
Header set Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"