Is there a way to detect whether the refresh button was used to refresh a page? I want to make sure that the page refreshes without resending the data from $_POST.
Printable View
Is there a way to detect whether the refresh button was used to refresh a page? I want to make sure that the page refreshes without resending the data from $_POST.
Nope. All of these things (like cookies, post data, get variables in the URL, etc) are sent from the browser according to its desires. There's no way around this.
ONE way to do it could be to cache every request and if a request is identical, then ignore the results. For example:
1. Use sessions.
2. Upon the request store EVERY relevant bit of into into a large array: full URL, $_POST, $_COOKIE, maybe more if you can think of it. Now, do this EACH time you refresh the page and replace it each time.
3. If the new info sent matches the stored value in $_SESSION, you know the page was either refreshed or identically set.
(You can also use md5() on the data if you don't want to waste server space storing lots of big sessions, though that'll take a bit of time to process.)
Of course you could also just check $_POST if you prefer. And just do this for each page load and it'll be *fairly* strong, though obviously if they have two windows or are TRYING to trick it, they can.
The only way to really do this is to have some sort of validation and store every post request in the database.
If you google "stop multiple submissions" you'll surely find lots of info, but there's no easy way as far as I know.
Another way to completely avoid the problem would be to force a redirect after the post data was sent. But this comes with its own set of problems.
I think I am going to just leave it alone. This is for my php Editor program for editing php files on my site. As long as I am aware that data will be resent when I hit refresh I can avoid this problem.
what is $_SERVER[HTTP_CACHE_CONTROL]?
It's not documented on php.net, so it's not a standard part of the php configuration, but some servers may have it and others won't.
http://php.net/manual/en/reserved.variables.server.php
Regardless, I believe it's just information ABOUT the state of the server and won't actually do anything. It's something like phpinfo() in that sense-- it'll tell you how your server is configured but not actually let you access any of it.
As for how to access it, I have no idea, but I'd suggest starting at your server CP.
If it's a form, you can add a hidden field with a random number as the value. The first time the form is submitted, save that value to the $_SESSION. When the form is submitted again, it should have a different random number - if it's the same, it's pretty safe to assume that it's a "refresh."
I had to figure that out the other day, trying to make a script work inside of a CMS. The CMS had already output stuff to the browser before it touched my script, so I couldn't use header() to redirect.
Removed
ll_eason, your question is fine here because it's a direct response to the earlier discussion. (It's not a new question.)
I think traq will be best able to explain it, but if not I could suggest some ideas. I think this is also a reasonable puzzle to put together for someone who is learning the language.