Postback cause browser confirmation before refreshing (F5)

Question

When I do a postback, why the browser always ask me a confirmation before refreshing ? (F5 / CTRL + F5)

My code is really simple (I use a master page) :

.aspx

...
<asp:button runat="server" ClientIDMode="static" type="button" id="btnlogin" 
                  OnClientClick="return veriflogin();" class="btn btn-primary" Text="Valider" 
                  onclick="btnlogin_Click"></asp:button>

<asp:Label ID="ok" runat="server" Visible="false" Text="allright"></asp:Label>
...

.cs

protected void btnlogin_Click(object sender, EventArgs e)
{
    ok.Visible = true;
}

The confirmation (IE):

Can I avoid this confirmation ?

Answer 1

Postback occurs (as name suggests) using POST HTTP verb. POST by definition is not idempotent, and thus repeating the same request is not necessarily safe. In other words, repeating POST may result in different end result than doing it once. Hence the browser warns you that in order to retrieve the page again, it has to repeat POST operation which may have unintended consequences.

For example, in RESTful applications, POST implies "create" (as in CRUD, akin to SQL's INSERT) a resource. Executing POST twice means two instances of the resource will be created rather than one. Compare it with GET which is a read operation, and reading the same resource more than once does not affect the state of the resource(s), and is thus considered safe (because GET is idempotent)

Answer 2

No, you can't avoid the confirmation.

If your last action on a site was a POST, most browsers will ask for a confirmation on whether you want to refresh the site with the same POST again. That's intended behavior.

POST requests are intended to modify state in one way or another. That's why your browser warns you. GET requests should not modify state, and are therefore considered "safe" to resubmit.