0036880: MantisBT does not work correctly with the setting `allow_browser_cache` = ON - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update
0036880	mantisbt	other	public	2026-02-11 10:48	2026-02-24 14:24

Reporter	raspopov	Assigned To
Priority	normal	Severity	minor	Reproducibility	always
Status	new	Resolution	open
Product Version	2.28.0

Summary	0036880: MantisBT does not work correctly with the setting `allow_browser_cache` = ON
Description	If this setting is enabled, many HTTP redirects stop working correctly, such as `/set_project.php?project_id=N`, which is used to switch the active project in the site's top menu or projects panel. This occurs because changing projects requires setting a new `MANTIS_PROJECT_COOKIE` cookie and redirecting to another page on the site. However, setting a browser cookie does not mean the page is out of date! The user's browser simply displays the page from cache, naturally with the old project and old cookies. Refreshing the browser with F5 or even Ctrl+F5 won't help in this case. HTTP headers won't help, as they can't propagate to other URLs.
Additional Information	It's worth checking all locations where redirects occur after setting cookies. Also, add cookie-specific "ETag" headers to pages where cookies actually change the page content. Otherwise, the browser has every right to display outdated pages from the cache. Designing a website where different projects share the same URL (e.g., `my_view_page.php`, `main_page.php`, `iew_all_bug_page.php`, etc.) requires a special approach. To implement proper, cache-friendly redirects, you must either force a page refresh using JavaScript: `window.location.reload()`, or pass the project as a URL parameter, which physically separates the pages of the different projects. In principle, we can try rewriting `set_project.php` as a JavaScript function, but the cookie `MANTIS_PROJECT_COOKIE` needs to be allowed to be written to by the browser.
Tags	No tags attached.

raspopov 2026-02-12 11:11 reporter ~0070788	I tried to implement this in JavaScript, but it's practically impossible. It's much more realistic to remove the `MANTIS_PROJECT_COOKIE` entirely and specify the project in the request parameters. MantisBT already uses this method with the "project_id" parameter in some places.

dregad 2026-02-14 03:43 developer ~0070789	There was an earlier attempt to do this, have a look at 0009193 / https://github.com/mantisbt/mantisbt/pull/1851

raspopov 2026-02-14 04:21 reporter ~0070790	Thanks for the advice! The problem is different, but the source is the same. I looked at the PR. It's difficult to read because of the auto-formatting of spaces that don't comply with the MantisBT guidelines. It seems the solution can be divided into two parts: 1) Wrap all links printed everywhere with a function. 2) Later, modify the link in the function as desired.