Reply to Re: [PHP] Bulletproof POST remove

Posted by Joe Wollard on 04/12/05 08:32

Andy,

I've done this in the past when setting a cookie for a user-defined
theme and also for a message board which used the post method. In my
case I put all of the logic into a separate page altogether. So you'd
have your form on page A, logic in page B and a landing page which can
be the same as A. The logic page (B) would perform some validation and
then redirect the browser back to page A with either a GET var in the
redirected URL indicating failure or success.

Basically:
http://127.0.0.1/A.php -[form submission POST]->
http://127.0.0.1/B.php -[HTTP REDIRECT]-> http://127.0.0.1/A.php?exit_code=0

I know this is similar to your existing flow, but try it in a separate
page. The additional redirect seems to do the trick. Besides, it helps
keep logic separate from UI. ;-)



Andy Pieters wrote:

>Hi all
>
>I noticed some sites are able to remove POST data 100% of the time. Even if
>the user presses the back button there is no more POST data present.
>
>I would like to achieve the same thing and currently I use a location header
>to transfer the user to the same page.
>
>Like
>
>check post
> do action
>header("Location: $thispage");
>die();
>
>But then when the user presses the back button they can still retransmit the
>action.
>
>I tried playing with the MUST-REVALIDATE, pragma-nocache header and stuff but
>it doesn't seem to work. Also I notice that on some sites, when I press the
>back button, there is a white page that says "Your session has expired".
>
>It should be noted that I do not use sessions.
>
>It should be like POST-once, after that there should be no more remnants of
>it.
>
>
>With kind regards
>
>Andy
>
>
>
>
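
The A -> B -> A flow described in the reply above, as an added example that is not part of the original thread: a logic-only B.php that validates the POST, acts on it, and redirects to a fixed landing page with an exit code. The `theme` field, the theme names and the constant names are assumptions made for illustration.

```php
<?php
// B.php: logic-only page (added example, not code from the thread).
// It accepts the POST from A.php, acts on it, then answers with a redirect,
// so the POST response never becomes a page in the browser history.

const LANDING_PAGE   = '/A.php';                    // fixed target, never taken from the request
const ALLOWED_THEMES = ['light', 'dark', 'print'];  // hypothetical theme names

const EXIT_OK      = 0;
const EXIT_INVALID = 1;

function handle_post(array $post): int
{
    // Allow-list validation: anything that is not a known theme is rejected.
    $theme = $post['theme'] ?? '';
    if (!is_string($theme) || !in_array($theme, ALLOWED_THEMES, true)) {
        return EXIT_INVALID;
    }

    // The action itself: remember the theme for a year.
    // (The options-array form of setcookie() needs PHP 7.3 or later.)
    setcookie('theme', $theme, [
        'expires'  => time() + 365 * 24 * 3600,
        'path'     => '/',
        'httponly' => true,
        'samesite' => 'Lax',
    ]);

    return EXIT_OK;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    // Direct GET visits to the logic page just go back to the form.
    header('Location: ' . LANDING_PAGE, true, 303);
    exit;
}

$exitCode = handle_post($_POST);

// 303 See Other makes the browser fetch the landing page with GET.
// Only the integer exit code is appended; no request data reaches the URL.
header('Location: ' . LANDING_PAGE . '?exit_code=' . $exitCode, true, 303);
exit;
```

On A.php, read the result with `filter_input(INPUT_GET, 'exit_code', FILTER_VALIDATE_INT)` and show a fixed message per code instead of echoing the parameter. The redirect keeps the POST out of the history, but it does not stop someone from submitting the form again, so the action should be safe to repeat.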
