PDA

View Full Version : refresh without resending data.



james438
05-01-2010, 01:08 AM
Is there a way to detect whether the refresh button was used to refresh a page? I want to make sure that the page refreshes without resending the data from $_POST.

djr33
05-01-2010, 02:02 AM
Nope. All of these things (like cookies, post data, get variables in the URL, etc) are sent from the browser according to its desires. There's no way around this.
ONE way to do it could be to cache every request and if a request is identical, then ignore the results. For example:
1. Use sessions.
2. Upon the request store EVERY relevant bit of into into a large array: full URL, $_POST, $_COOKIE, maybe more if you can think of it. Now, do this EACH time you refresh the page and replace it each time.
3. If the new info sent matches the stored value in $_SESSION, you know the page was either refreshed or identically set.

(You can also use md5() on the data if you don't want to waste server space storing lots of big sessions, though that'll take a bit of time to process.)

Of course you could also just check $_POST if you prefer. And just do this for each page load and it'll be *fairly* strong, though obviously if they have two windows or are TRYING to trick it, they can.



The only way to really do this is to have some sort of validation and store every post request in the database.

If you google "stop multiple submissions" you'll surely find lots of info, but there's no easy way as far as I know.


Another way to completely avoid the problem would be to force a redirect after the post data was sent. But this comes with its own set of problems.

traq
05-01-2010, 02:09 AM
...
Another way to completely avoid the problem would be to force a redirect after the post data was sent. But this comes with its own set of problems.

that's what I do, but only when it's really necessary.

1) process $_POST data
2) save results in $_SESSION
3) use header() to redirect page to itself
4) check for stored results $_SESSION
5) display them
6) unset the stored results so it won't happen again

james438
05-01-2010, 03:09 AM
I think I am going to just leave it alone. This is for my php Editor program for editing php files on my site. As long as I am aware that data will be resent when I hit refresh I can avoid this problem.

james438
05-02-2010, 02:58 AM
what is $_SERVER[HTTP_CACHE_CONTROL]?

djr33
05-02-2010, 03:19 AM
It's not documented on php.net, so it's not a standard part of the php configuration, but some servers may have it and others won't.
http://php.net/manual/en/reserved.variables.server.php

Regardless, I believe it's just information ABOUT the state of the server and won't actually do anything. It's something like phpinfo() in that sense-- it'll tell you how your server is configured but not actually let you access any of it.

As for how to access it, I have no idea, but I'd suggest starting at your server CP.

gmuresan
05-26-2010, 07:23 PM
Any ideas on how to tell whether the page was refreshed or identically set? I know this is probably different for each implementation, but I'm completely stuck on this problem.



ONE way to do it could be to cache every request and if a request is identical, then ignore the results. For example:
1. Use sessions.
2. Upon the request store EVERY relevant bit of into into a large array: full URL, $_POST, $_COOKIE, maybe more if you can think of it. Now, do this EACH time you refresh the page and replace it each time.
3. If the new info sent matches the stored value in $_SESSION, you know the page was either refreshed or identically set.

traq
05-26-2010, 07:52 PM
If it's a form, you can add a hidden field with a random number as the value. The first time the form is submitted, save that value to the $_SESSION. When the form is submitted again, it should have a different random number - if it's the same, it's pretty safe to assume that it's a "refresh."

I had to figure that out the other day, trying to make a script work inside of a CMS. The CMS had already output stuff to the browser before it touched my script, so I couldn't use header() to redirect.

ll_eason
08-25-2012, 10:07 PM
If it's a form, you can add a hidden field with a random number as the value. The first time the form is submitted, save that value to the $_SESSION. When the form is submitted again, it should have a different random number - if it's the same, it's pretty safe to assume that it's a "refresh."

I had to figure that out the other day, trying to make a script work inside of a CMS. The CMS had already output stuff to the browser before it touched my script, so I couldn't use header() to redirect.

Any chance of an example on how to do this as I am abit new to php I understand what your saying but it's just how to write it.

keyboard
08-26-2012, 01:14 AM
Removed

djr33
08-26-2012, 01:40 AM
ll_eason, your question is fine here because it's a direct response to the earlier discussion. (It's not a new question.)

I think traq will be best able to explain it, but if not I could suggest some ideas. I think this is also a reasonable puzzle to put together for someone who is learning the language.