Question
I have an HTML form which I want to post data to then display some text to the user. I've heard several people discuss this idea:
should the user go from [form page] -> [processing form post page] -> [display page] or should the user just go to a combined [form page] -> [processing form / display page]
I've heard arguments the former is more secure while the latter is less redirects.
What are some answers?
Solution
To avoid caching issues, resubmission on refresh issues and similar problems: Use the POST-REDIRECT-GET pattern.
- Browser makes HTTP POST request with form data
- Server processes data and responds with a redirect response
- Browser makes HTTP GET request (possibly including an id that is related to the submitted data in the query string)
- Server responds with a 200 response and the information
OTHER TIPS
From what your question asked, you could just have the [form page] -> [form page to process and display].
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow