"no-cached" page still appears in browser 'history' 2

[bluecjh]

I have succeeded in precluding users from resubmitting
forms by use of:

<% Response.CacheControl = "no-cache" %>>
<% Response.AddHeader "Pragma", "no-cache" %>
<% Response.Expires = -1 %>

but I can still locate some pages from 'history'
and resubmit them.

How can I stop these pages being stored?

 

[Genimuse]

I'm curious, are you using the GET method or the POST method for your forms? If you're using the GET method then the form data will be stored in the URL iteslf, and so a user clicking the URL in their History will resubmit the data. with the POST method there should be no form data to resubmit, and I would think it therefore no problem.

Is your concern that the pages are showing up in the history at all? I think your only hope there is location.replace Javascript on the client side, and I don't think there's a way to make that work with forms (though the guys over at the Javascript forum, Forum216, would know for sure).

 

[bluecjh]

Always use 'POST'.

Is your concern that the pages are showing up in the history at all?
Yes -I supposed that no-cache'd pages could not be retrieved.

 

[ToddWW]

Here's a trick that I use to prevent users from ever reposting a form. So far it has worked great for me. Maybe it could work great for you.


Step #1: Create a page with an HTML form. somepagewithform.asp

Step #2: Send that form to an ASP page that is solely used for processing the form contents and updating database, etc.. somepageprocessingform.asp

Step #3: Create a destination page to automatically navigate to when the processing of the form is complete.

Option #1: Use Server.Transfer to navigate from Page #2 to Page #3. I have never tried this, but I believe that the page that processed the form dissapears on the server. The nice part about Server.Transfer is that your form collection, variables, and query string collection remain in tact and can be accessed on the destination page if needed. If the user hits refresh on the destination page, it will simply refresh that page. It won't re-submit the form.

Option #2: This is the one that I use. On the processing page, create all of the script to process the form, update the database, etc.. at the top of the page, before you create any HTML tags. Below the processing script, write an Empty HTML page with a javascript onLoad=someFunction() statement in the body tag. Then in the javascript someFunction() function, use the method location.replace(destinationpage.asp). This will immediately navigate to the destination page after the script has executed. The key here is the location.replace(url) method in javascript. It will actually replace the processing page in history with the destination page. The processing page will never be written to the browser history. If the user hits the refresh button, it will simply refresh the destination page. If they hit the back button, it will simply take them back to the form page. The reason I like to use this method is because I can temporarily disable the location.replace(url) method and use Response.Write within the script to troubleshoot errors during development.

Just a few ideas.

ToddWW

 

[Genimuse]

Great idea, Todd, I quite like #2! It relies on Javascript, but seems like it would replace the original calling form quite nicely.

 

[bluecjh]

hmmm, I have an archaic version of IIS running and I can't use server.transfer method yet, but an upgrade is to be soon...

The second method is worth a point...Thanks. (will be my reserve option)

However, I know of a site where all but the default (1st page) don't appear in history (or a surrogate), I just want to know how they do it?

I will keep digging, but if anyone knows how...

thanks Todd