refresh without resending data.

**james438** · 05-01-2010, 01:08 AM

Is there a way to detect whether the refresh button was used to refresh a page? I want to make sure that the page refreshes without resending the data from $_POST.

**djr33** · 05-01-2010, 02:02 AM

Nope. All of these things (like cookies, post data, get variables in the URL, etc) are sent from the browser according to its desires. There's no way around this.
ONE way to do it could be to cache every request and if a request is identical, then ignore the results. For example:
1. Use sessions.
2. Upon the request store EVERY relevant bit of into into a large array: full URL, $_POST, $_COOKIE, maybe more if you can think of it. Now, do this EACH time you refresh the page and replace it each time.
3. If the new info sent matches the stored value in $_SESSION, you know the page was either refreshed or identically set.

(You can also use md5() on the data if you don't want to waste server space storing lots of big sessions, though that'll take a bit of time to process.)

Of course you could also just check $_POST if you prefer. And just do this for each page load and it'll be *fairly* strong, though obviously if they have two windows or are TRYING to trick it, they can.

The only way to really do this is to have some sort of validation and store every post request in the database.

If you google "stop multiple submissions" you'll surely find lots of info, but there's no easy way as far as I know.

Another way to completely avoid the problem would be to force a redirect after the post data was sent. But this comes with its own set of problems.

**traq** · 05-01-2010, 02:09 AM

Originally Posted by djr33

...
Another way to completely avoid the problem would be to force a redirect after the post data was sent. But this comes with its own set of problems.

that's what I do, but only when it's really necessary.

1) process $_POST data
2) save results in $_SESSION
3) use header() to redirect page to itself
4) check for stored results $_SESSION
5) display them
6) unset the stored results so it won't happen again

**james438** · 05-01-2010, 03:09 AM

I think I am going to just leave it alone. This is for my php Editor program for editing php files on my site. As long as I am aware that data will be resent when I hit refresh I can avoid this problem.

**james438** · 05-02-2010, 02:58 AM

what is $_SERVER[HTTP_CACHE_CONTROL]?

**djr33** · 05-02-2010, 03:19 AM

It's not documented on php.net, so it's not a standard part of the php configuration, but some servers may have it and others won't.
http://php.net/manual/en/reserved.variables.server.php

Regardless, I believe it's just information ABOUT the state of the server and won't actually do anything. It's something like phpinfo() in that sense-- it'll tell you how your server is configured but not actually let you access any of it.

As for how to access it, I have no idea, but I'd suggest starting at your server CP.

**gmuresan** · 05-26-2010, 07:23 PM

Any ideas on how to tell whether the page was refreshed or identically set? I know this is probably different for each implementation, but I'm completely stuck on this problem.

Originally Posted by djr33

ONE way to do it could be to cache every request and if a request is identical, then ignore the results. For example:
1. Use sessions.
2. Upon the request store EVERY relevant bit of into into a large array: full URL, $_POST, $_COOKIE, maybe more if you can think of it. Now, do this EACH time you refresh the page and replace it each time.
3. If the new info sent matches the stored value in $_SESSION, you know the page was either refreshed or identically set.

**traq** · 05-26-2010, 07:52 PM

If it's a form, you can add a hidden field with a random number as the value. The first time the form is submitted, save that value to the $_SESSION. When the form is submitted again, it should have a different random number - if it's the same, it's pretty safe to assume that it's a "refresh."

I had to figure that out the other day, trying to make a script work inside of a CMS. The CMS had already output stuff to the browser before it touched my script, so I couldn't use header() to redirect.

**ll_eason** · 08-25-2012, 10:07 PM

Originally Posted by traq

If it's a form, you can add a hidden field with a random number as the value. The first time the form is submitted, save that value to the $_SESSION. When the form is submitted again, it should have a different random number - if it's the same, it's pretty safe to assume that it's a "refresh."

I had to figure that out the other day, trying to make a script work inside of a CMS. The CMS had already output stuff to the browser before it touched my script, so I couldn't use header() to redirect.

Any chance of an example on how to do this as I am abit new to php I understand what your saying but it's just how to write it.

**keyboard** · 08-26-2012, 01:14 AM

Removed

Thread: refresh without resending data.

Thread Tools

Search Thread

refresh without resending data.

Bookmarks

Bookmarks

Posting Permissions