After submitting a form with post method f5 will resubmit that.
What's the best to avoid this without redirecting a page. Idon't like to disturb the user like this. Stackoverflow are immune to f5 but i don't see any redirection after asking a question.
Get After Post
Form does a POST request
Code processes form
Code redirects using Location header
Result: refreshing the resulting page will merely display it again, since it was done using GET.
StackOverflow is pretty AJAX-heavy, which is why you're seeing the behavior you see.
If you don't want to get all AJAXy, you want redirects. Redirects of this sort should be transparent to the user:
if (! empty($_POST)){
// Do something with the contents of $_POST
header('Location: success.php');
}
Now, if your validation fails, you probably reload the form with some error messages, and hammering F5 will re-POST the data. But if the operation is successful, the user will be redirected to your success page, and they can hammer f5 all day without rePOSTing data, and potentially creating duplicate actions.
The standard approach for achieving this effect is to use an HTTP redirect, which isn't obvious to the user (so I assume that you refer to a meta refresh delayed redirect).
See the Post Redirect Get pattern.
Related
I have a web application that allows users to login. When the user clicks the logout button, I unset all the POST variables and clear all the cookies which contains session. However, when I press the back button, all the POST variables are still there and the last logged-in page still comes and a new session is generated in user-cookies.
I have checked all the headers such as no-cache and must-revalidate and still the same happens.
The fact that POST data is still there, is an indication that the page is being loaded from "Browser History".
I know that there is a perfect solution for my question because many web-applications do so. I would like to know how major corporations do it. There has to be a standard way which will work like a charm.
PS: Using Javascript is not an option. Maybe with JS, I can do something to prevent loading, but I don't want to do that as many users might have disabled JS. I also do not want to disable the back button and refresh features from the browser, which some applications do.
I guess, this is happening only if user log in, and right after logging in he clicks to logout. Then when you press back button in the browser, there is sending form with $_POST data of his logging and the browser asks you if you want to send that form again. Am I right? Do you mean this?
If yes, then use this solution to avoid sending form again (when back button is clicked or F5 (refresh) is pressed):
When you process form with login data, do redirect to the same page, or to home page (its on you). Use
header("HTTP/1.1 302 Found");
header('Location: '.$url_to_redirect);
Then, when he clicks back button, or refresh page, it will not send again login data, so it will not log in him back.
If there is another reason, just comment, and I will explain more.
1) Use POST for your form data transmission
2) After processing the POSTed data on server side, send a 302 Moved response to the client forcing it to leave the POST and directing it to a GET landing page.
This should be the general way to handle form submissions, effectively inhibiting rePOSTing form data. Cannot be done with GET forms - however there's seldom a need for guarded GET forms...
Is there a way to avoid reprocessing forms when I refresh php pages? I'd like to prevent resending forms when refreshing links to php files with an insert function in them. For example, I am processing a series of notes written by users at the top of each page for a new note. Besides the obvious creating a separate php file with a header function is there another way to do it?
Use the Post-Redirect-Get Pattern.
Accept a Post request
Process the data
Issue a redirect response
Accept a Get request
Issue a 200 response
If you need to display data from the submitted stuff, then include a row id or similar in (for example) the query string of the URL you redirect to.
The best way would be to do a header("location: form.php"); call after you process the form. That would redirect you back to the form page, and if you refresh, the browser wont resend the form data.
Alternatively, you could check to see if you already processed the data received, but that would still give you the browser warning message that you are going to resend the data.
You might do both, just in case someone uses the back button and accidentally clicks Submit again.
Just set some flag when you process the form first time so you could check for it and abort reprocessing later on. Session variable or cookie will work fine.
You could put a nonce into the page that is only allowed to be used once so that if you see the same nonce come in you don't do the insert of the page.
I redirect users to a new page after processing of the form.
The form is a POST-request to do-something.php. I check the input data and if it validates I process the data and perform a redirect to do-something.php?somethingdone. So the user can hit F5 w/o resending the POST request.
I tried to use header("Location:..."), $_POST = array(), unset($_POST), but (idk why) they didn't work in my php page.
So, what I did, I just used
echo '< script>window.location.replace("http://.../this.php")</script>'
😂 it works very good! Maybe it is not a good idea, I am learning PHP for the 4th week.
I want to redirect the user to some url in other website, but to send with his redirect some post variable.. is this possible? And if yes, how?
Thanks.
It is not. :(
You can however submit an hidden form using Javascript.
EDIT: shame upon me. It seems it can be achieved w/o Javascript. Try to post some data to a PHP page you write yourself, which basically tells the browser to do a 303 See Other redirect. It shall work, in the sense that the browser should re-POST the data on the redirection target, but someone reports this causes the browser to show a "really repost the data?" message, like the one you see if you refresh a web page you loaded with a POST.
However, even if it works, I think nobody does it.
I remember reading somewhere it's a good practice to redirect pages using GET to show the next page after a POST request. Why is it so?
This way, if the user reloads the page, the browser won't send another POST.
For example, if the page is an order confirmation page, you don't want the order to be repeated if the user refreshes the page.
It's because if a user submits a form and is taken to the thankyou page, then refreshes that page, the browser will prompt the user to resubmit the form, thus creating two posts to your data handler. If you redirect to the thankyou page with GET, the post vars are empty so the form won't be resubmitted.
I'm not sure it's still considered good practice - haven't heard anything on the subject for a while.
GET is idempotent while POST isn't. If the user reloads the page (or returns there by clicking the browser's Back button), nothing breaks.
I would assume this is so that the following page is bookmarkable.
If you can't remember why it's good practice then maybe there isn't a good justification for it.
IMHO, it's a case of swings and roundabouts - and certainly easy to argue the converse - whether its good practice or not really depends on how it fits in with the rest of your code.
C.
Does anyone know of a way to prevent the browser from asking the user to resend form information.
I know you can redirect the browser with:
<php
header("location http://example.com");
?>
But this seems so inefficient and takes 2 request.
Hope you can help.
duplicate of: How do I stop the Back and Refresh buttons from resubmitting my form?
Either redirect like your example, or use AJAX to submit the form in the first place. The browser has no way of requesting the same page without requesting the same page.
Not re-submitting the data would be the same as requesting a different page, so you're kinda stuck.
As far as I know, there is nothing you can really do when it comes to that behavior in POST requests. The redirect, perhaps seemingly inefficient, is actually the best way to do it. You're telling the browser that you've done all the work necessary for the post request and now you're going to send it to a page that will never change, no matter how many times you call it, making it easily bookmarkable and reusable.