Home > Archive > PERL CGI Beginners > December 2004 > How to avoid accidental re-sending of POST data
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
How to avoid accidental re-sending of POST data
|
|
| Ingo Weiss 2004-12-01, 3:55 pm |
| Hi,
this must be a common problem and I was wondering what commonly used
strategies to solve it are:
How can I avoid that a user re-sends a POST form when hitting the reload
button on a result page?
The browser typically warns you when you want to do that but I was
wondering whether there is an easy way to make it impossible.
Thanks for any hint!
Ingo Weiss
| |
| Paul Archer 2004-12-01, 8:55 pm |
| I'm no CGI expert, but my best guess is that you are not going to be able to
stop the user from resending the data, so you are going to have to make sure
you ignore the resent data. I would do this by generating a random number in
a hidden input field when creating the form. Then you can check that number
to see if you've already gotten a POST with it, and ignore the second POST
if that's the case.
Paul
1:59pm, Ingo Weiss wrote:
> Hi,
>
> this must be a common problem and I was wondering what commonly used
> strategies to solve it are:
>
> How can I avoid that a user re-sends a POST form when hitting the reload
> button on a result page?
>
> The browser typically warns you when you want to do that but I was
> wondering whether there is an easy way to make it impossible.
>
>
> Thanks for any hint!
> Ingo Weiss
>
>
>
>
>
>
>
>
>
> --
> To unsubscribe, e-mail: beginners-cgi-unsubscribe@perl.org
> For additional commands, e-mail: beginners-cgi-help@perl.org
> <http://learn.perl.org/> <http://learn.perl.org/first-response>
>
>
>
---------------------------
404 Error - Item Not Found
<haiku>
You step in the stream,
but the water has moved on.
That page is not here.
</haiku>
---------------------------
| |
| Lawrence Statton 2004-12-02, 8:55 am |
| > I'm no CGI expert, but my best guess is that you are not going to be able to
> stop the user from resending the data
>
[snip out a technique to assist in ignoring repeat data]
This deserves to be drilled into every beginning CGI programmers brain:
You cannot PREVENT the client from doing ANYTHING, because you can't
control the software at the client end. The best you can hope for is
to gently persuade the client into clickpaths of righteousness.
A concrete example: Form validation in javascript.
Using javascript to do form validation is a *convenience* to the
normal user -- but, it does nothing to dissuade pathological software
from sending back bad data. You must be prepared at the CGI end for
anything.
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Lawrence Statton - lawrenabae@abaluon.abaom s/aba/c/g
Computer software consists of only two components: ones and
zeros, in roughly equal proportions. All that is required is to
sort them into the correct order.
| |
| Randal L. Schwartz 2004-12-03, 8:55 pm |
| >>>>> "Ingo" == Ingo Weiss <ingo01@ingoweiss.com> writes:
Ingo> this must be a common problem and I was wondering what commonly used
Ingo> strategies to solve it are:
Ingo> How can I avoid that a user re-sends a POST form when hitting the reload
Ingo> button on a result page?
Ingo> The browser typically warns you when you want to do that but I was
Ingo> wondering whether there is an easy way to make it impossible.
<http://www.stonehenge.com/merlyn/We...ques/col64.html>
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
| |
| Marek Kilimajer 2004-12-07, 3:55 am |
| Ingo Weiss wrote:
> Hi,
>
> this must be a common problem and I was wondering what commonly used
> strategies to solve it are:
>
> How can I avoid that a user re-sends a POST form when hitting the reload
> button on a result page?
>
> The browser typically warns you when you want to do that but I was
> wondering whether there is an easy way to make it impossible.
redirect (302 response) after handling the form
| |
| Ingo Weiss 2004-12-13, 8:55 pm |
| > redirect (302 response) after handling the form
That's interesting! Thanks! I took a look at the documentation:
print $query->redirect('http://somewhere.else/in/the/world');
Is this how it is done?
In the above example, the document that was originally requested does
never make it to the client, right? All the client sees is the document
'http://somewhere.else/in/the/world', or am I mistaken?
The reason I am asking is the usabiliy problems associated with meta tag
redirects - they break the back button. I am assuming and hoping that
the above method is different and would not have these problems.
Thanks!
Ingo
|
|
|
|
|