-1

When a user tries to log in to my site, his user name and password are sent as POST variables. When the page loads, I get the variables, process them and decide whether log in was successful or not. Then I render my page containing a message informing the user of their success or failure to log in.

My problem is that if the user hits F5 or refresh, the browser prompts them to resend the log in data. Is there a way to avoid it without reloading the page? Some javascript maybe? If not, then I can send a header to reload the page, but how would I display the message to the user?

Right now I have a user_message object containing an array of information to show the user on page load.

Improve this question

5 Answers 5

Reset to default
5

You should redirect to the new page. This way when the user refreshes the page there will be no POST variables.

form -> form handler -> success / failure page

Where the second arrow is the redirect.

Improve this answer
Sign up to request clarification or add additional context in comments.

9 Comments

So there is no javascript way to settle this?
You could AJAX Post the data instead of making a normal form request. THere is no other solution since the browser "caches" the last whole(!) request incl. the sent data.
@AnPel What do you mean by "javascript way"?? The form is handled by PHP right so I don't see what Javascript has to do with it. Could you please elaborate?
@RepWhoringPeeHaa the prompt to resend the form data is browser issued, php has nothing to do with it. Maybe the prompt could be manipulated or even not shown in some way.
@AnPel You say: "Then I render my page containing a message informing the user of their success or failure to log in." That means PHP renders the page right? If not I have question for you: You aren't trusting JS to do any credential validating do you?
|
3

The solution to this is the PRG pattern. You process the login information from the page that is POSTed, then you redirect to another (result) page with GET.

Improve this answer

Comments

2

You may want to use the PRG Pattern

It prevents the user from re-sending by redirecting him to a new page. This means an additional roundtrip but that is mostly no problem.

Improve this answer

Comments

1

You can check the POST variables, decide whether the login is succesful or not and execute a header('Location: success.php'); or something.

Improve this answer

Comments

1

Do a redirect to another URL (or even the same, but the next time it will be a GET request intead of POST) using "Location: whatever" header. Before that, store some info either in the session with $_SESSION variable. Or you can save your message in the URL, just redirect the user to loginresult.php?badlogin=1. In the destination page, show whatever message you need.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.