Good afternoon friends, excuse me for my poor english language. I have a question relating PHP and POST request: Supose I have a script (admin.php) that sends some POST vars to another script, or himself (dont mater, for example say validate.php). In most cases, when the user pushs the "back" buton on the browser's, the browser says "The page you try to see contain POSTDATA that expires from cache. If you resend the data, any action..." ->In firefox for example. This meaning, the user pushs the back button and the POST vars will be resended to the script "validate.php". What happen if the POST data contain some general "delete all the IDs that meet a condition" and then the data will be deleted again... I want to avoid this if it is a possibility. For example, in squirrelmail (a open sourced mail client in php), once you push the log out buton (and you were seeing the e-mail inbox page for example), you are loged out, and if you push the back buton in browser, the browser dont send you to the inbox listing, but to a page that says "your sesion expired" or something as that. So this mean the behaviour I look for is taken care of in this system (squirrelmail), so the user once logges out, wont be able to go back and see the emails, but he is restricted from that behaviour. How can I implement this on my script? I dont know if this is something I should know, because Im not new to PHP programing, but maybe Im new to "advance" things like this. I mean, maybe what I need is for the browser to automaticaly "refresh" the page, so that if "script.php" contain a form, it will be seen like it was initially, and if it contains an email listing like the example, it will be refreshed, and the script will say "error, you are not loged in" or as that. If Im stil not clear with this (english not good I presume), then basically I can say: If the user click on the "submit" buton on a form, then this takes him somewhere else, when the back buton is presed, he is returned to the form, but with its initial state (not resend the form data) If the user is loged out, and he is seing a "only loged user area", then he clicks log out, when the back buton is presed, he is send to a page saying "restricted page for unloged users", which is basically, the script being refreshed actually (in the form case above, it is the same, page being refreshed) Best regards, Franz.

Quote:Original post by Sander
You can't prevent that the POST data is sent again when a user pushes the back button. You should try to detect this and ignore the POST data. In your logout example, your script could look roughly like this:

if(!session_exists()){    echo "session expired";}// do stuff with POST variables

If the user logs out then the session will expire. If he presses the back button then the if() statement will fail and the user will get the message. As for deleting data twice: Since it was already deleted the first time, trying to delete it a second time will fail silently. No harm done.

Hello Sander, thanks you.
So I understand very well this you say about "You can't prevent that the POST data is sent again when a user pushes the back button."
And then your solution must works for a script that can expire.

But what about a form? Is not there a explicit way to tell the browser to always refresh the script?
Supose you have a form, and send the data, when you push the back buton, the data you entered is there (or so it happens with firefox), so I think firefox is not refreshing the script but actually using the cache. How can I say explicit to firefox "refresh the page always"???
Is this matter posible?

Thanks you.

Quote:Original post by Sander
If you press back after you submitted a form then the page *is* refreshed (depending on the HTTP headers - see header()) but firefox will insert your previously filled out actions for you. You cannot change that firefox behaviour from the server.

Can't you specify the value as ""? Then it shoudln't reload any of the previously entered data since you're explicitly telling it the value in the html.

As far as the back button behavior goes, I get rid of the post messages by using a header redirect on the page that handles the data. For example. start.php has a form that submits to handleform.php. Once handleform.php is done processing the data it redirects the page to success.php. If you press back then the browser takes you to start.php without the POST warning.

It is worth noting that this can all be done on the same page if you are submiting the form to to the same page. Just make sure that you handle the post data before you send anything to the browser and redirect back to the same page. You can use session or GET in order to maintain state while redirecting.

Quote:Original post by Sander

Quote:Original post by tstrimp
Can't you specify the value as ""? Then it shoudln't reload any of the previously entered data since you're explicitly telling it the value in the html.

If you're going top the form through the back button or issue a refresh, FireFox will still remember the form for you. You can disable this behaviour in FireFox's preference screen, but you can't control if from the server for other people using firefox.

Thanks you Sander and tstrimp, you are very helpful people, now I think I understand this matter.

Bye bye,

Franz

As I understand the problem, Franz_Weller wanted browser not to resend POST data and not ask user.
I think it can be implemented this way:
1) User fills the form on page form.html and sends it to post.php
2) post.php proceses the data and redirects user to result.html if the data is correct or back to form.html if it's not.
This way the post.php page is not saved in browser's history and so there would be no POST data to send.
Here is the example code:
form.html

post.php

result.html