Prevent Back button from showing POST confirmation alert

php forms post http-headers

61,203

Solution 1

One way round it is to redirect the POST to a page which redirects to a GET - see Post/Redirect/Get on wikipedia.

Say your POST is 4K of form data. Presumably your server does something with that data rather than just displaying it once and throwing it away, such as saving it in a database. Keep doing that, or if it's a huge search form create a temporary copy of it in a database that gets purged after a few days or on a LRU basis when a space limit is used. Now create a representation of the data which can be accessed using GET. If it's temporary, generate an ID for it and use that as the URL; if it's a permanent set of data it probably has an ID or something that can be used for the URL. At the worst case, an algorithm like tiny url uses can collapse a big URL to a much smaller one. Redirect the POST to GET the representation of the data.

As a historical note, this technique was established practice in 1995.

Solution 2

See my golden rule of web programming here:

Stop data inserting into a database twice

It says: “Never ever respond with a body to a POST-request. Always do the work, and then respond with a Location: header to redirect to the updated page so that browser requests it with GET”

If browser ever asks user about re-POST, your web app is broken. User should not ever see this question.

Solution 3

One way to avoid that warning/behavior is to do the POST via AJAX, then send the user to another page (or not) separately.

Solution 4

I have been using the Session variable to help in this situation. Here's the method I use that has been working great for me for years:

//If there's something in the POST, move it to the session and then redirect right back to where we are
if ($_POST) {
    $_SESSION['POST']=$_POST;
    redirect($_SERVER["REQUEST_URI"]);
}

//If there's something in the SESSION POST, move it back to the POST and clear the SESSION POST
if ($_SESSION['POST']) {
    $_POST=$_SESSION['POST'];
    unset($_SESSION['POST']);
}

Technically you don't even need to put it back into a variable called $_POST. But it helps me in keeping track of what data has come from where.

Solution 5

I have an application that supplies long list of parameters to a web page, so I have to use POST instead of GET. The problem is that when page gets displayed and user clicks the Back button, Firefox shows up a warning:

Your reasoning is wrong. If the request is without side effects, it should be GET. If it has side effects, it should be POST. The choice should not be based on the number of parameters you need to pass.

View more solutions

61,203

Author by

Milan Babuškov

Software developer, owner of a small ISV company, project manager of the open source FlameRobin project. Specialized in Linux, C++, PHP and Relational databases. You can read my software related blog at http://www.BackwardCompatible.net You can also buy my shareware software at http://www.GuacoSoft.com

Updated on November 13, 2020

Comments

Milan Babuškov over 3 years

I have an application that supplies long list of parameters to a web page, so I have to use POST instead of GET. The problem is that when page gets displayed and user clicks the Back button, Firefox shows up a warning:

To display this page, Firefox must send information that will repeat any action (such as a search or order confirmation) that was performed earlier.

Since application is built in such way that going Back is a quite common operation, this is really annoying to end users.

Basically, I would like to do it the way this page does:

http://www.pikanya.net/testcache/

Enter something, submit, and click Back button. No warning, it just goes back.

Googling I found out that this might be a bug in Firefox 3, but I'd like to somehow get this behavior even after they "fix" it.

I guess it could be doable with some HTTP headers, but which exactly?