* SiteMgr: sitewide config to allow proxys and CDNs caching of anonymous requests (Expires and Cache-Control header)

apps can now enable public caching by either setting $GLOBALS[egw_info][flags][nocachecontrol] to "public" (default php.ini session.cache_expire) or a numeric value in seconds, or call egw_session::cache_control()

header.inc.php.template

@@ -72,17 +72,6 @@ $GLOBALS['egw_info']['server']['mcrypt_enabled'] = {ENABLE_MCRYPT};
 */
 $GLOBALS['egw_info']['server']['mcrypt_iv'] = '{MCRYPT_IV}';
 
-if(!isset($GLOBALS['egw_info']['flags']['nocachecontrol']) || !$GLOBALS['egw_info']['flags']['nocachecontrol'])
-{
-	header('Cache-Control: no-cache, must-revalidate');  // HTTP/1.1
-	header('Pragma: no-cache');                          // HTTP/1.0
-}
-else
-{
-	// allow caching by browser
-	session_cache_limiter('private_no_expire');
-}
-
 $GLOBALS['egw_info']['flags']['page_start_time'] = microtime(true);
 
 define('DEBUG_API',  False);

phpgwapi/inc/class.egw_session.inc.php

@@ -523,6 +523,7 @@ class egw_session
 		}
 		else
 		{
+			self::cache_control();
 			session_start();
 			// set a new session-id, if not syncml (already done in Horde code and can NOT be changed)
 			if (!$no_session && $GLOBALS['egw_info']['flags']['currentapp'] != 'syncml')
@@ -870,6 +871,7 @@ class egw_session
 
 		session_name(self::EGW_SESSION_NAME);
 		session_id($this->sessionid);
+		self::cache_control();
 		session_start();
 
 		// check if we have a eGroupware session --> return false if not (but dont destroy it!)
@@ -1627,6 +1629,70 @@ class egw_session
 		return false;
 	}
 
+	/**
+	 * Controling caching and expires header, based on $GLOBALS['egw_info']['flags']['nocachecontrol']:
+	 * - not set of false --> no caching (default)
+	 * - true --> private caching by browser (no expires header)
+	 * - "public" or integer --> public caching with given cache_expire in minutes or php.ini default session_cache_expire
+	 *
+	 * @param int $expire=null expiration time in seconds, default $GLOBALS['egw_info']['flags']['nocachecontrol'] or php.ini session.cache_expire
+	 */
+	public static function cache_control($expire=null)
+	{
+		if (is_null($expire) && isset($GLOBALS['egw_info']['flags']['nocachecontrol']) && is_int($GLOBALS['egw_info']['flags']['nocachecontrol']))
+		{
+			$expire = $GLOBALS['egw_info']['flags']['nocachecontrol'];
+		}
+		// session not yet started: use PHP session_cache_limiter() and session_cache_expires() functions
+		if (!isset($_SESSION))
+		{
+			// controling caching and expires header
+			if(!isset($GLOBALS['egw_info']['flags']['nocachecontrol']) || !$GLOBALS['egw_info']['flags']['nocachecontrol'])
+			{
+				session_cache_limiter('nocache');
+			}
+			elseif ($GLOBALS['egw_info']['flags']['nocachecontrol'] === 'public' || is_int($GLOBALS['egw_info']['flags']['nocachecontrol']))
+			{
+				// allow public caching: proxys, cdns, ...
+				if (isset($expire))
+				{
+					session_cache_expire((int)ceil($expire/60));	// in minutes
+				}
+				session_cache_limiter('public');
+			}
+			else
+			{
+				// allow caching by browser
+				session_cache_limiter('private_no_expire');
+			}
+		}
+		// session already started
+		if (isset($_SESSION))
+		{
+			if (isset($expire) && (session_cache_limiter() !== 'public' || $expire !== session_cache_expire()))
+			{
+				if (headers_sent($file, $line))
+				{
+					error_log(__METHOD__."($expire) called, but header already sent in $file: $line");
+				}
+				else
+				{
+					header('Cache-Control: public, maxage='.$expire);
+					header('Expires: ' . gmdate('D, d M Y H:i:s', time()+$expire) . ' GMT');
+					// remove Pragma header, might be set by old header
+					if (function_exists('header_remove'))	// PHP 5.3+
+					{
+						header_remove('Pragma');
+					}
+					else
+					{
+						header('Pragma:');
+					}
+				}
+			}
+		}
+	}
+
 	/**
 	 * Get a session list (of the current instance)
 	 *