How can I set an ASP.Net web page to expire so that if the user clicks the submit button, he/she will get a page expired error if the browser's back button is pushed to try to go back and press submit again?
+1
A:
First off, use the Post-Redirect-Get pattern when the user submits the form. This will prevent them from being able to use the back button easily. To do this, all you really need to do is issue a Response.Redirect() call after you finish processing the form, even if it's to the same URL.
Secondly, you could consider using a unique id field in the form that is tied to the submission process, so that if the submission is completed, the same id cannot be used again. The suitability of this would depend on what you're doing though.
womp
2010-02-24 20:37:23
That sounds like a really good suggestion if we were starting our app from scratch, but we have an existing app that I just need a quick fix for, too much work to re-architect the whole thing.
Russ Clark
2010-02-24 20:41:04
These are both generally pretty simple implmentations. Do you mean you can't actually change any code?
womp
2010-02-24 20:55:12
We can change the code, but I was hoping for something like just setting a property in the page to disable the caching of the page.
Russ Clark
2010-02-24 21:12:27
I was just looking more carefully at our code, and we are using Response.Redirect() to go to another page when the processing for the current page is complete. This doesn't seem to cause the Post-Redirect-Get behavior that you describe.
Russ Clark
2010-02-25 13:50:09
+1
A:
Use HttpResponse.Cache to control the cacheability of the page. This gives you control over options such the expiration of the page from the cache and the Cache-Control HTTP headers.
pmarflee
2010-02-24 20:43:15
I've looked at the link you provided, but not sure where the code goes, if I run it from the Page_Load function, I'm still able to press the browser back button to get back and re-submit the page.
Russ Clark
2010-02-24 21:13:45
I also have a page with this problem. I have set every cache setting I can find to prevent it, but I still have users who manage to go 'back' and submit again. When I try it, I get a 'page expired' error, but I suppose some browsers and/or settings ignore that stuff and display the page from cache. I have code to prevent the second submit from causing an damage, but it doesn't prevent the annoyance.
Ray
2010-02-24 23:48:51
A:
From what I understand, there are two parts to your question:
1 - Stopping the browser back button - it does not work & me-thinks that we should never stop the user from pressing back. So, perhaps you could use META tag to expire the content so that the user see a "content expired" page & has to reload to get the latest content
2 - Stop multiple POST - by definition, POST is not indempotent ie. multiple POST operations should be possible. A possible mechanism is to disable the POST/SUBMIT button after the first post has completed. So, the user will not be able to do it the second time.
HTH.
Sunny
2010-02-24 21:45:05
I didn't intend to disable the back button, I just want to expire the page so that when the back button is pressed, the user get's presented with a "page expired" error. I have added some javascript to disable the submit button on the original page and that works fine in Firefox - the submit button remains disabled if the user presses the back button to return, but in IE 7, if the user presses the browser back button, the submit button on the original page is re-enabled.
Russ Clark
2010-02-25 13:28:00