Post/Redirect/Get solution just for refreshing the page?

StackOverflow https://stackoverflow.com/questions/21464128

Question

PHP Post/Redirect/Get solution is good just for refreshing the page?

What about if the user clicks on the back button twice and resend the form? The only solution I have found is to check in my database if same data is already posted.

Is there any other solution without querying the database?

Thank you in advance!!!

Was it helpful?

Solution

PRG is perfect for browser Back button support too. An HTTP redirect replaces the URL in browser history instead of adding a new entry. If you apply PRG consistently, i.e. you always return a redirect from a POST, then browser history will only contain "safe" pages (GET), there will never be a POST URL in the history.

There is still a chance of getting duplicate form submissions, though. For example if the user double-clicks the submit button. So if you want to be extra safe you need some extra mechanism (e.g. nonce) to prevent double submissions.

OTHER TIPS

PRG is used because of the nature of HTTP. POST is not a safe operation hence PRG is preferred.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top