Prevent Back button from showing POST confirmation alert

views:

5483

answers:

+7 Q:

Prevent Back button from showing POST confirmation alert

I have an application that supplies long list of parameters to a web page, so I have to use POST instead of GET. The problem is that when page gets displayed and user clicks the Back button, Firefox shows up a warning:

To display this page, Firefox must send information that will repeat any action (such as a search or order confirmation) that was performed earlier.

Since application is built in such way that going Back is a quite common operation, this is really annoying to end users.

Basically, I would like to do it the way this page does:

http://www.pikanya.net/testcache/

Enter something, submit, and click Back button. No warning, it just goes back.

Googling I found out that this might be a bug in Firefox 3, but I'd like to somehow get this behavior even after they "fix" it.

I guess it could be doable with some HTTP headers, but which exactly?

+2 A:

One way to avoid that warning/behavior is to do the POST via AJAX, then send the user to another page (or not) separately.

Sparr 2009-03-18 22:27:36

Yes, that's my backup plan. But, BACK button does not work with AJAX, so I'll have to implement my own "back handler" in such case, which I want to avoid.

Milan Babuškov 2009-03-18 22:45:39

+6 A:

One way round it is to redirect the POST to a page which redirects to a GET - see Post/Redirect/Get on wikipedia.

Say your POST is 4K of form data. Presumably your server does something with that data rather than just displaying it once and throwing it away, such as saving it in a database. Keep doing that, or if it's a huge search form create a temporary copy of it in a database that gets purged after a few days or on a LRU basis when a space limit is used. Now create a representation of the data which can be accessed using GET. If it's temporary, generate an ID for it and use that as the URL; if it's a permanent set of data it probably has an ID or something that can be used for the URL. At the worst case, an algorithm like tiny url uses can collapse a big URL to a much smaller one. Redirect the POST to GET the representation of the data.

As a historical note, this technique was established practice in 1995.

Pete Kirkham 2009-03-18 22:32:31

But how? Input data is over 4kB and page output depends on it.

Milan Babuškov 2009-03-18 22:43:59

Looks like I'll have to do it this way, unless there's some trick with the cache.

Milan Babuškov 2009-03-19 10:17:23

don't use any tricks and do it exactly the way Pete suggested. what I like about his solution is that it follows simple REST principles.

lubos hasko 2010-01-15 01:20:36

+13 A:

See my golden rule of web programming here:

http://stackoverflow.com/questions/638494/stop-data-inserting-into-a-database-twice/638506#638506

It says: “Never ever respond with a body to a POST-request. Always do the work, and then respond with a Location: header to redirect to the updated page so that browser requests it with GET”

If browser ever asks user about re-POST, your web app is broken. User should not ever see this question.

Ilya Birman 2009-03-18 23:09:01

To produce the web page I need to supply about 4k of input. I cannot do that with GET. There is no "work" to be done, the output itself depends on the parameters given. The only think I can think of is to store that 4k of data in PHP session and retrieve it in the GET request, but if user has...

Milan Babuškov 2009-03-19 10:13:40

...tabs open of my application, that would not work.

Milan Babuškov 2009-03-19 10:14:50

It seems Amazon don't follow this golden rule

Chris S 2009-03-19 10:44:52

Milan, just store your 4k in temp file and redirect to a page which will show data from it.Chris, huge number of websites are stupid, including the popular ones. That’s not a good excuse to make more stupid sites :-)

Ilya Birman 2009-03-19 11:43:03

I'd say your "golden rule" is a bit simplified. If a POST doesn't succeed, there shouldn't be a redirect. Only after the request can be processed. The concept is also known as PRG or "redirect after post".

troelskn 2009-03-19 12:13:55

If your script suddenly lost db connection and it can do nothing but display error message, including the data user has POSTed and a warning that it’s the last chance for user to copy his/her data, then yes, you’ll have to break the “golden rule”.

Ilya Birman 2009-03-19 15:45:03

But this is not a normal scenario, which we are talking about here, it’s rather a recover plan for already failing application.

Ilya Birman 2009-03-19 15:45:56

+1 A:

I have an application that supplies long list of parameters to a web page, so I have to use POST instead of GET. The problem is that when page gets displayed and user clicks the Back button, Firefox shows up a warning:

Your reasoning is wrong. If the request is without side effects, it should be GET. If it has side effects, it should be POST. The choice should not be based on the number of parameters you need to pass.

troelskn 2009-03-19 00:00:24

There are no side effect, but parameters are 4kB. In case you did not know, GET has a limit of 1024 bytes.

Milan Babuškov 2009-03-19 10:15:35

What kind of parameters is it that takes up that much space? Can you perhaps explain the context of your application a bit further?

troelskn 2009-03-19 12:11:52

Guys how do you fix the problem?

sfgsadfg 2009-10-06 23:49:24

Store the data in user's session using some unique key (we use autoincrement value) and redirect to another page so that it becomes a GET request. Using something like header('Location: /loadpage.php?id=23747');in PHP

Milan Babuškov 2009-10-07 08:05:19

to provide this msg "To display this page, Firefox must send information that will repeat any action (such as a search or order confirmation) that was performed earlier." remove this from your htm form "enctype="multipart/form-data" ";)

Ahmad 2010-09-30 17:28:35

ansaurus

tags:

views:

answers:

Prevent Back button from showing POST confirmation alert

related questions