When a form is submitted, and then the user clicks the back button, how do I prevent the data from being resubmitted. A lot of what I have read indicates that the solution to this is to implement the PRG ‘pattern’.
I found this web page PRG Pattern that I’d like to use as an example.
When I execute this code, I can still click the back button and then re-click the submit button and have the form resubmit the data, even though it redirects. So, I’m not seeing how this is supposed to prevent resubmitting the form data.
So, using this page as an example, how could the code be modified to prevent this behavior?
PRG is used to prevent reload resubmit event, you can always go back to page from browser and submit the form with this
to prevent this you can issue tokens while rendering form and while submitting send it to server and see if that is the right token (by putting it somewhere in session) then process the request
update: when you serve the form set some token in session
now on submit of form, post the token back to server, and match it with the one from session, if both matches allow the request, if doesn’t matches that means the request is already executed or some one is trying to simulate form post and missing the form token in submitted data,
so now if you already have submitted once and if you go back using browser button and resubmit it again the code won’t match and it will prevent resubmission
make the token check thing synchronized to handle parallel request case