[tpm] Maybe OT: Clearing CGI values in web-based apps

Adam Prime adam.prime at utoronto.ca
Tue Dec 2 08:06:56 PST 2008


Generally it's a good idea to respond to POST request's with redirects, 
not with 200's.  This gets rid of the reload problem that you're 
describing.  The biggest problem created by this is that after the 
redirect you don't have access to the original POST data, unless you 
stashed it somewhere you can get back at.  If you google 'redirect after 
post' there has been a fair amount of stuff written about the practice.

Adam


Madison Kelly wrote:
> Hi all,
> 
>   I've been stumped as to how to clear the CGI values passed in 
> web-based apps.
> 
>   For example, when a user logs in, I show a short "you've logged in 
> successfully" page that redirects to the main page. I had expected that 
> to do it because the redirect calls the URL directly, but if I reload 
> the page, it resubmits the login information. Similar after submitting 
> orders and such.
> 
>   This is the kind of thing I want to prevent.
> 
>   I know it's possible as a lot of pages these days somehow prevent this 
> from happening. Is this a perl-based solution or do I /shudder/ have to 
> use JS? If it's JS, can I bother the list for some help or pointers, 
> even if it's somewhat off-topic?
> 
> Thanks!!
> 
> madi
> _______________________________________________
> toronto-pm mailing list
> toronto-pm at pm.org
> http://mail.pm.org/mailman/listinfo/toronto-pm



More information about the toronto-pm mailing list