reciving warnings on browsing backward from php pages

[keith23]

Hi all i am using sessions on each page of my php to make sure user is loged in but when press browser back page i get the following error and once i refresh i can see the page. It is very annoying to see that every time and i know the session did not expire.Could any one tell me how to solve this problem and not to recive such warnings.Thanks

Warning: Page has Expired The page you requested was created using information you submitted in a form. This page is no longer available. As a security precaution, Internet Explorer does not automatically resubmit your information for you. 

To resubmit your information and view this Web page, click the Refresh button.

 

[sleipnir214]

That's an IE thing, not a PHP thing.



Want the best answers? Ask the best questions! TANSTAAFL!

 

[Vragabond]

That's a posted form thing not a sessions thing. When information is sent to the next page via post method the page needs to be refreshed if data is to be resent. If you use the back button, that does not happen and browser will ask you that question. I personally find this pretty useful.

 

[jpadie]

I personally find this pretty useful

indeed!

and Keith23: you should ensure that your login code traps resubmission of post login data and ignores it otherwise you have a nasty security vulnerability. you can do this with uniqueid's in the form (or use the SID) and some login logging.

 

[skiflyer]

Coding for a situation where going backwards is always a possibility really sucks, but it's something you need to keep in mind when coding for web browsers.

As mentioned, you need to trap for duplicate form submissions like this, but IE is basically trying to help you out by making it less than easy for the user to resubmit the data.

If this is just a login issue, you can use redirects (header preferably) so that a single press of the back button takes them to a post-login page rather than back to the page which processed the login.