views:

121

answers:

4

I'm looking for a solution to a recurring problem I have with form based search results in my application.

Basically when a user searches using an HTML form and I display the results from the Database on the next page, this works perfectly.

However, when a user clicks on an individual record in the result set and then clicks "Back" on the browser, the browser asks (Firefox):

"To display this page, Firefox must send information that will repeat any action (such as a search or order confirmation) that was performed earlier."

To give an example, a form to search a DVD collection, user searches by year, clicks on an individual movie. When the user clicks back to the search results page I don't want the user to have to resubmit/resend that form data.

So does anyone have an idea of how to get around this?

To give you some more information I am using the POST method to submit the form and am using the following headers to stop the browser from caching the page.

Header('Pragma: no-cache');
Header("Cache-control: private, no-cache, no-store");
Header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");.

As most of the site is password protected, I don't want the password protected side cached and be able to be brought back up after login.

Essentially what is the best way to avoid this type of browser behavior and what is the cause? Is no-cache the culprit? Should I specify an Expire time of a couple of minutes in the future from page load on the search results page?

What is the best way of approaching this as I don't see this problem on other sites. Am I going about the no-cache part all wrong?

A: 

For the search information, you could use GET instead of POST. This persists the form data in the URL. Your issue is caused because the POST data needs to be resubmitted when the user clicks back.

Brad
+5  A: 

Your browser is doing this because when the user clicks "back" the browser needs to post the data again in order to reload the page. One way around this is to use a GET request instead of a POST. In a GET request the form data is included/encoded in the actual URL.

As a side note - whether using a GET or POST, you should think about whether you need to use the session in order to cache your results in order to prevent an unnecessary database call.

P.S. Using a GET request has the great advantage that your search results pages will be bookmarkable.

Edit: There's some good info on forms, POST/GET requests and the differences between them here, including info on the "Redirect after Post" pattern which addresses this issue.

Richard
A: 

There are two ways to prevent this behavior.

  1. Change the form's method from POST to GET. This will encode the query in the URL and remove this back button behavior. FWIW, this is what Google does for their search.
  2. Find some way to cache the results of the search (say with session data or Memcache), and redirect them to another page that will access the cached result, using a 302 Redirect header.
Jeremy DeGroot
A: 

It's nothing to do with PHP.

If you use the back button to go back to any page that performed a POST it will ask to perform that POST again.

The reason that it doesn't happen with GET is that the GET information is in the URL.

streetparade
well it's not so much that the data is in the URL, more that POST data is consider as "write" or change data, whereas a GET is considered a read request. Re-reading a resource twice will have no impact, re-writing to a resource might very well have horrible implications. Hence the browser warning.
Richard
thats true and valing in most cases i agree ;-)
streetparade