views:

2298

answers:

5

I have an have an ASP.Net page which contains a button. This Page contains a ServerSide Paypal button.

When pushed my server does various clever things on the back end and then rewrites the response as a form and some javascript which posts this form to paypal..

This all works great.

However, if the user then elects to click back, they will arrive at my generated self-posting form and that will forward them again to Paypal.

I thought if I could find a way to have my generated form page not exist in the history, then this will solve my problem. but I have no idea how to correct this.

How can I remove my page from the history or just have it never appear?

Update: Thanks to all... Those are some great answers. Upvoted all good ones but went with splattne on account of clever use of hidden field rather than cookies for basis of decision.

+4  A: 

As a web application, you'll never have full control of the user's browser. Even if there was a way to instruct the browser to not store the page in history, which I doubt, you can't be sure it'll work. For example, a clever user could tweak an open-source browser to store every page in history, no matter what.

I think you should try to approach the problem from another angle. You could, for example, detect that it's the same form which is being forwarded and not send it to paypal the second time. The important thing is to do it server-side.

dub
When the user hit's back from the paypal page, the browser retrieves the Generated form from it's cache and duely self-posts again.. There is no further contact with the server. So I don't see how I can use the server to prevent this.
Rory Becker
Are you suggesting that I could have the autogenerated form have some conditional logic which either posts or executes another back().. what logic could it base this on?
Rory Becker
What can I say.... splattne answered that question within seconds of my asking it :)
Rory Becker
+2  A: 

I'm not sure if that can be done. But here is an idea how you could prevent that resubmit of the form.

You could insert a hidden input in your form which at the beginning would be empty. On submit you'll write a value in that field and make sure you check on every submit attempt if this field is empty.

If it is not empty on submit you know that the form was previously sent and you could warn the user.

splattne
Great... actually I think if I discover that this value is already populated, then I'll just execute another back :)
Rory Becker
+1  A: 

Perhaps you could set a cookie before submitting the form.

When the page is loaded, check for the existence of that cookie (meaning the form was already submitted). If found, instead of automatically submitting the form, automatically go back (window.history.back()) again.

Patrick McElhaney
+2  A: 
window.location.replace(URL);

window.location:

replace(url)

Replace the current document with the one at the provided URL. The difference from the assign() method is that after using replace() the current page will not be saved in session history, meaning the user won't be able to use the Back button to navigate to it.

eed3si9n
I don't think that will work as I am required to post the current page in order to transmit the data needed to paypal. Therefore I have some js -> "document.getElementById('form1').submit();" which I cannot replace with your "replace" suggestion
Rory Becker
+1  A: 

I'm not sure if you can do this easily with PayPal integration, but the "Post / Redirect / Get" pattern can be used to address this problem

Rich