Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: refresh without resending data.

  1. #1
    Join Date
    Jan 2007
    Location
    Davenport, Iowa
    Posts
    1,703
    Thanks
    82
    Thanked 90 Times in 88 Posts

    Default refresh without resending data.

    Is there a way to detect whether the refresh button was used to refresh a page? I want to make sure that the page refreshes without resending the data from $_POST.
    To choose the lesser of two evils is still to choose evil. My personal site

  2. #2
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,162
    Thanks
    263
    Thanked 690 Times in 678 Posts

    Default

    Nope. All of these things (like cookies, post data, get variables in the URL, etc) are sent from the browser according to its desires. There's no way around this.
    ONE way to do it could be to cache every request and if a request is identical, then ignore the results. For example:
    1. Use sessions.
    2. Upon the request store EVERY relevant bit of into into a large array: full URL, $_POST, $_COOKIE, maybe more if you can think of it. Now, do this EACH time you refresh the page and replace it each time.
    3. If the new info sent matches the stored value in $_SESSION, you know the page was either refreshed or identically set.

    (You can also use md5() on the data if you don't want to waste server space storing lots of big sessions, though that'll take a bit of time to process.)

    Of course you could also just check $_POST if you prefer. And just do this for each page load and it'll be *fairly* strong, though obviously if they have two windows or are TRYING to trick it, they can.



    The only way to really do this is to have some sort of validation and store every post request in the database.

    If you google "stop multiple submissions" you'll surely find lots of info, but there's no easy way as far as I know.


    Another way to completely avoid the problem would be to force a redirect after the post data was sent. But this comes with its own set of problems.
    Daniel - Freelance Web Design | <?php?> | <html>| espa˝ol | Deutsch | italiano | portuguŕs | catalÓ | un peu de franšais | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

  3. #3
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 517 Times in 503 Posts
    Blog Entries
    5

    Default

    Quote Originally Posted by djr33 View Post
    ...
    Another way to completely avoid the problem would be to force a redirect after the post data was sent. But this comes with its own set of problems.
    that's what I do, but only when it's really necessary.

    1) process $_POST data
    2) save results in $_SESSION
    3) use header() to redirect page to itself
    4) check for stored results $_SESSION
    5) display them
    6) unset the stored results so it won't happen again

  4. #4
    Join Date
    Jan 2007
    Location
    Davenport, Iowa
    Posts
    1,703
    Thanks
    82
    Thanked 90 Times in 88 Posts

    Default

    I think I am going to just leave it alone. This is for my php Editor program for editing php files on my site. As long as I am aware that data will be resent when I hit refresh I can avoid this problem.
    To choose the lesser of two evils is still to choose evil. My personal site

  5. #5
    Join Date
    Jan 2007
    Location
    Davenport, Iowa
    Posts
    1,703
    Thanks
    82
    Thanked 90 Times in 88 Posts

    Default

    what is $_SERVER[HTTP_CACHE_CONTROL]?
    To choose the lesser of two evils is still to choose evil. My personal site

  6. #6
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,162
    Thanks
    263
    Thanked 690 Times in 678 Posts

    Default

    It's not documented on php.net, so it's not a standard part of the php configuration, but some servers may have it and others won't.
    http://php.net/manual/en/reserved.variables.server.php

    Regardless, I believe it's just information ABOUT the state of the server and won't actually do anything. It's something like phpinfo() in that sense-- it'll tell you how your server is configured but not actually let you access any of it.

    As for how to access it, I have no idea, but I'd suggest starting at your server CP.
    Daniel - Freelance Web Design | <?php?> | <html>| espa˝ol | Deutsch | italiano | portuguŕs | catalÓ | un peu de franšais | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

  7. #7
    Join Date
    May 2010
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Any ideas on how to tell whether the page was refreshed or identically set? I know this is probably different for each implementation, but I'm completely stuck on this problem.

    Quote Originally Posted by djr33 View Post
    ONE way to do it could be to cache every request and if a request is identical, then ignore the results. For example:
    1. Use sessions.
    2. Upon the request store EVERY relevant bit of into into a large array: full URL, $_POST, $_COOKIE, maybe more if you can think of it. Now, do this EACH time you refresh the page and replace it each time.
    3. If the new info sent matches the stored value in $_SESSION, you know the page was either refreshed or identically set.

  8. #8
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 517 Times in 503 Posts
    Blog Entries
    5

    Default

    If it's a form, you can add a hidden field with a random number as the value. The first time the form is submitted, save that value to the $_SESSION. When the form is submitted again, it should have a different random number - if it's the same, it's pretty safe to assume that it's a "refresh."

    I had to figure that out the other day, trying to make a script work inside of a CMS. The CMS had already output stuff to the browser before it touched my script, so I couldn't use header() to redirect.

  9. #9
    Join Date
    Aug 2012
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Quote Originally Posted by traq View Post
    If it's a form, you can add a hidden field with a random number as the value. The first time the form is submitted, save that value to the $_SESSION. When the form is submitted again, it should have a different random number - if it's the same, it's pretty safe to assume that it's a "refresh."

    I had to figure that out the other day, trying to make a script work inside of a CMS. The CMS had already output stuff to the browser before it touched my script, so I couldn't use header() to redirect.
    Any chance of an example on how to do this as I am abit new to php I understand what your saying but it's just how to write it.

  10. #10
    Join Date
    Mar 2011
    Location
    N 11░ 19' 0.0012 E 142░ 15' 0
    Posts
    1,510
    Thanks
    41
    Thanked 89 Times in 88 Posts
    Blog Entries
    3

    Default

    Removed
    Last edited by keyboard; 08-26-2012 at 02:13 AM.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •