10-10-2012, 11:02 AM
Hi, I'm making a system which uses _GET and _POST a lot, but I don't want anything to mess up if I or someone else presses 'back' on their browser (or something like that).
Is there a way to 'clear' _GET and _POST only if the user got to the page in a different way?
10-10-2012, 02:49 PM
Nope, you can't stop a retransmit for a back button. All that really matters is likely a post though.
You can use tokens for this. Simply create a token when a form is accessed and save it in a session, it can be anything random. When they submit the form, consume the token and respond accordingly. If they hit back and explicitly retransmit the post data, then the token is no longer available to be consumed, so don't react to the input. Since they repost the same data, the token provided by the form will not match if a new token is created or if there is no token to use at all.