How to Prevent Form Resubmission When Page Is Refreshed (F5/Ctrl+R)

How to prevent form resubmission when page is refreshed (F5 / CTRL+R)

Use the Post/Redirect/Get pattern. http://en.wikipedia.org/wiki/Post/Redirect/Get

With my website, I will store a message in a cookie or session, redirect after the post, read the cookie/session, and then clear the value of that session or cookie variable.

How to Prevent Form Resubmission when page is refreshed or back button is clicked

I was searching around for days and finally found something. IF you use a HTML command it will remove any input the user put when the user goes back. Because my problem was when the user goes back after be redirected, their information was still there but if you use

<form method="post" enctype="multipart/form-data" autocomplete="off">

it removes everything so it kinda helps. The user will still be allowed to go back but at least now they can't resubmit the data.

Preventing form resubmission

There are 2 approaches people used to take here:

Method 1: Use AJAX + Redirect

This way you post your form in the background using JQuery or something similar to Page2, while the user still sees page1 displayed. Upon successful posting, you redirect the browser to Page2.

Method 2: Post + Redirect to self

This is a common technique on forums. Form on Page1 posts the data to Page2, Page2 processes the data and does what needs to be done, and then it does a HTTP redirect on itself. This way the last "action" the browser remembers is a simple GET on page2, so the form is not being resubmitted upon F5.

PHP Clear $_POST data. Prevent form resubmission when page is refreshed

After reviewing your logic and re-reading your initial message I see the issue. This appears to be a logical issue.

Gonna take a crack at what I think you are trying to do:

home.php

<?php
    session_start();
    
    // If the session is not 'loaded', send them to login.php
    if (!$_SESSION['loaded'])
    {
        header('Location: login.php');
        exit;
    }
    
    // Todo: Business logic below, etc

login.php sends a post to something (lets say auth.php)

auth.php

<?php
    session_start();

    require_once('dbh.inc.php');
    require_once('functions.inc.php');

    if (!isset($_POST['submit'])) {
        exit;
    }
  
    $userMail = $_POST['email'] = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
    $password = $_POST['pass'] = filter_var($_POST['password'], FILTER_SANITIZE_STRING);

    // Verify the user in some way
    if( $user_is_verified ) {

        // Set this session you used
        $_SESSION['loaded'] = true;

        // Send them back to the home page, now 'loaded' in the session
        header('Location: home.php');

    } else {

        // Send them back to the login page
        // Todo: Maybe also tell them why they failed, maybe in a session variable?
        header('Location: login.php');
    }

Previous Answer: Based on your replies in the comment section and the code that is visible, the simplest implementation would be to also use a header('Location: some_success_url') when the login is successful as well.

In this way, a refresh does nothing but refreshes the some_success_url page, and the back button just takes you back to the login page (or however your logic works when the user is already authenticated)

Prevent resubmission after HTML form succeeds

You can use javascript window.history.replaceState approach to prevent a resubmit on the page refresh.

<script>
if ( window.history.replaceState ) {
    window.history.replaceState( null, null, window.location.href );
}
</script>

You can also do a page redirection to same page or different page after form submission.

header('Location:'.$_SERVER['PHP_SELF']);

---

Related Topics