I’m got a comment form for an article and i’d to prevent re-submission. I notice that Worpdress handles this very well (going back doesn’t cause the browser to request a form re-submission), but I can’t figure out how they do it, even though our methods are very similar.
User visits mydomain.com/article/1/article_title.html
Fills in a form which posts to mydomain.com/addnewcomment/1.html
I then do a 302 redirect back to mydomain.com/article/1/article_title.html
Now if I press back from this position it doesn’t request a redirect. However, if I go to another page e.g. mydomain.com/tag/1/my_tag.html and press back it does resubmit the form.
Obviously I want to prevent this.
What WordPress does
User visits mydomain.com/?p=1
Fills in a form which posts to mydomain.com/wp-comments-post.php
This then does a 302 redirect back to mydomain.com/?p=1
Pressing back or visiting another page and pressing back doesn’t cause a re-submission.
I’ve had a look through the WP code but I can’t see how they manage this. Obviously it’s something i’d like to achieve.
Does anyone have any thoughts on where I may be going wrong?
(I’m only using WordPress as an example to prove that it’s possible, obviously i’m not trying to exactly duplicate WP, that would be pointless)
EDIT – Figured out what it was
I haven’t nailed exactly which header it was, but I was sending additional headers before doing the redirect (problem with my code, calling one function before the redirect, when really I should have called the redirect first).
After I moved the function and stopped sending these headers before the redirect it worked fine, without resubmissions after going back.
Of course it’s important to check for duplicates as well, but this stops the browser ever popping up with a form resubmit request which is what I wanted.
The headers I was sending where:
I’m guessing it was probably something to do with pragma no-cache or must-revalidate in the cache control header.
Either way, if you’re having the same problem, check what other headers you’re sending before the redirect.