tags:

views:

48

answers:

4

I am saving personal information in PHP page.when user click submit it saves but user can go back in submit information page through browser back button.Hoe can I expire my previous page??

+1  A: 

You can use a token and set in a hidden filed, once form is submitted, you should read the value of that hidden field and store in a session and on previous page make a check that if session is set, redirect user elsewhere.

Sarfraz
Technically this works, but isn't practical in reality. You'd need to create and track a different hidden field value for every form on your site. More importantly though, this method would prevent a user ever submitting the same form twice within the same session. You could expire the session value at some point I guess, but as soon as you do, you've made it possible for the user to resubmit via the back button again.
MatW
A: 

You could use:

   session_destroy();

Or you could put this at the top of the page. When user hits back it will make a request for a new copy of the page:

<?php 
header("Cache-Control: no-cache, must-revalidate"); 
header("Expires: Sat, 07 June 1982 09:00:00 GMT"); // Past date 
?> 
David Relihan
This won't prevent a form being resubmitted via the back button or a page refresh.
MatW
A: 

Just make user stay on the same page through the whole process. So, no page to get back at all.

They call it /Post/Redirect/Get pattern. Very handy.

Col. Shrapnel
Staying on the same page won't solve the problem and isn't part of the post/redirect/get pattern. The important part of the pattern is performing the redirect at all, not where the redirect goes to.
MatW
@Mat Staying on the same page DOES help against back button. While doing just redirect after POST with 2-pages setup can not prevent user from going back and press submit button again.
Col. Shrapnel
Staying on the same page does nothing. The user just needs to go back one page, then forward one page, and they've triggered a resubmit. Again; the thing that prevents the resubmission is the redirect itself, not the redirect's target. The diagram on the page *you've* linked to makes it pretty clear..
MatW
oh my god, please save me from these noisy stupid newbies. I DID look at that diagram as I have posted this link. And this method **implies** redirect if you can read. Now begone
Col. Shrapnel
Don't be rude; it's childish. My original point was that a) your first statement is wrong; just making the user stay on the same page will not prevent resubmissions, and b) it is not a requirement of the PRG pattern that you redirect to the same page. Both those points still stand. I'm sure you know what you're trying to say, but rather than bickering with me, why not edit your answer to make your point clearer?
MatW
+1  A: 

To prevent users from resubmitting forms by using the back button, or refreshing the page, you need to follow a design pattern called Post Redirect Get.

MatW
watch your language dude, nobody's an idiot here
knittl
@knittl Thank you
MatW
@Col. Shrapnel Relax. My comments on your own answer have obviously got your back up, but why not go away and implement a form using PRG, then remove the redirect? You'll soon see that I'm not an idiot. In answer to your comment; they mean that PRG can't stop a user *manually navigating* back to the a form and resubmitting the same data...
MatW
you still don't understand that the question **is** "how to stop a user from manually navigating back to the a form and resubmitting the same data". what a pity
Col. Shrapnel
*sigh* This is my last response 'cause it's getting silly now. The question reads as: how can you stop a user submitting the page via the back button? The answer is: PRG. You can interpret it in the way you are suggesting, and to that end I suggest the OP comes back and edits the question to make it clearer. For the record, I don't understand why you feel such a strong need to prove me wrong, as our answers were fundamentally the same...
MatW
you just messed up back button with refresh one :) one just cannot resubmit a form with back button without manual navigation. this is implied in the question. manual navigation. By refusing it, you refuse to answer the question at all. you have no brains to understand it or just to distinguish 2-page setup from single page one.
Col. Shrapnel
No mix-up; both the back button and a refresh can resubmit a form. When I said PRG can't protect against a form being submitted via manual navigation, I meant it can't stop the same form being submitted on two separate occasions using the same data both times. You're still hung up on how many pages the submission process uses, which doesn't make any difference. *and yes, I know I said my previous comment was my last, but meh... :)*
MatW