Stale Forms

Hello,

This topic has bugged me for years.

The ideal for handling web forms
would be that submitting the form
replaces the browser history's current
url with the url resulting from
the form processing code Response.Redirect url

this can be achieved for links using
client-side dom "location.replace()"

however i can't see a way of doing it
for forms?

i am trying to stop people pressing "back"
and seeing old forms and then clicking submit

although i can easily detect this at the server
and stop any damage etc. the perfect solution
would be to stop the stale form from existing
on the client

also using Response.Expires works but i feel it
is bad practice to force a roundtrip when somebody
is pressing back, and may not be interested in that
page but one further back

the way i stop stale forms from being an issue
on the server is to give each form state context
an id and sequence number which must match
the next post

you can make this strong by sticking a digest of the url
plus a secret onto the end of the url, ie:

page.asp?id=1&seq=4&hash=847389473987439

or even lock it down further by including the referer url
in the digest

all of this is ok for protecting server from damage
but what about cleaning up all those stale forms
in the browser history?

the ideal would be something like:

form.submitWithReplace();

i am surprised it isn't an option in HTML itself:

<form action="page.asp" method="post" replace="yes">

as once a form has been submitted it rarely has any
value to anybody?

Nov 19 '05 #1
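
The server-side check described in the post above (a form context id, a sequence number that must match the next post, and a keyed digest over the URL), as an added example that is not the original poster's code. It uses HMAC-SHA256 in place of a plain digest of URL plus secret; the function names, the in-memory store and the per-process secret are assumptions.

```javascript
const crypto = require("crypto");

// Assumption: per-process secret; a real deployment would load a stable key.
const SECRET = crypto.randomBytes(32);
// Assumption: in-memory map of form context id -> next expected sequence number.
const expectedSeq = new Map();

function sign(path, id, seq) {
  // Keyed digest over the exact URL fields, so none can be changed on its own.
  return crypto.createHmac("sha256", SECRET)
    .update(`${path}?id=${id}&seq=${seq}`)
    .digest("hex");
}

// Called when rendering a form: returns the action URL to embed in it.
// path must be absolute (e.g. "/page.asp") so it matches the parsed pathname.
function issueFormUrl(path, id) {
  const key = String(id);
  const seq = expectedSeq.get(key) ?? 1;
  expectedSeq.set(key, seq);
  return `${path}?id=${key}&seq=${seq}&hash=${sign(path, key, seq)}`;
}

// Called on POST: returns "ok", "tampered" or "stale".
function checkPost(url) {
  const u = new URL(url, "http://localhost"); // base is only used for parsing
  const id = u.searchParams.get("id");
  const seqRaw = u.searchParams.get("seq");
  const given = Buffer.from(u.searchParams.get("hash") || "", "hex");
  const want = Buffer.from(sign(u.pathname, id, seqRaw), "hex");
  // Constant-time comparison; the length check avoids a throw on bad input.
  if (given.length !== want.length || !crypto.timingSafeEqual(given, want)) {
    return "tampered";
  }
  const seq = Number(seqRaw);
  if (expectedSeq.get(id) !== seq) return "stale"; // form from browser history
  expectedSeq.set(id, seq + 1); // consume: this form can never post again
  return "ok";
}
```

A form reached with the back button still carries a valid digest, so it is the sequence check, not the digest, that rejects it; the digest only stops the id and seq from being edited.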
hi john,
i know what you mean, it is a bit of a pain to have an invalid browser
history.
especially considering that we are now in the realm of web applications,
rather than collections of informational web pages. however that is the
model we still have to work with and back/forward will be with us for the
foreseeable future, with all of its side effects in the web application
paradigm.

one way i use to work around this problem, is to call
Response.Redirect(Request.Url.PathAndQuery) at the end of my postback code
(provided the user should stay on the same page, i.e. typical datagrid
scenario). this has the effect of replacing the current page in the browser
history, which i think is what you want.
if you test this out on a web form that has a button. at the end of the
button_click code, redirect the user to the same page, and you'll see that
there is no option to go back or forward in the browser history. it has the
added advantage of not allowing form re-posts. and the user can refresh the
page without getting hung up on "repost the data?".

it doesn't work for redirecting to other pages though. i think .net 2.0 and
vista have some improvements for the web application model. the "navigator
app" supports forward and backward browsing, but there is another type
(forget the name) that doesn't allow back/forward functionality. you can
choose the type at compile time as far as i recall.

this probably won't solve your problem but i thought i would reply anyway.
tim

--------------------------
blog: http://tim.mackey.ie

Nov 19 '05 #2
