Robert Samuel White wrote:
> You might want to modify your coding.  The way I prevent this problem
> from ever happening is this: 
> 
> 
> 
> 1.  The user completes information on the form.
> 
> 2.  The form is validated by PHP.
> 
> 3.  If there are errors, then the form is reshown with their values
> populated. 
> 
> 4.  Once all errors are corrected, I process the form and then use a
> Header("Location: ") to redirect the user to the same page (or
> another page). 
> 
> 
> 
> This has the advantage of allowing a user to click the back button
> and seeing their form with their values still intact. 
> 
> 
> 
> This prevents a method post page from being in the user's browser
> history. 

Robert,

I do the three first items but not the last one (#3 is done both client-side
and server-side by the way). I can add a hard redirect but I am a bit
surprised that it should fix the issue.

Yet I see it in Chris Shiflett's article at
http://shiflett.org/articles/guru-speak-nov2004

He also advises to add ini_set('session.cache_limiter', 'private');

Can somebody explain the login behind the redirect?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to