[whatwg] page refresh and resubmitting POST state
kornel at geekhood.net
Sun May 24 08:41:47 PDT 2009
On Sun, 24 May 2009 15:41:12 +0100, Aryeh Gregor
<Simetrical+w3c at gmail.com> wrote:
>> This problem can be elegantly solved within existing standards: Opera
>> simply goes back in history without resubmitting forms, and resubmits
>> only when user clicks standard Reload button (or F5, etc.)
> Firefox does that too, at least in 3.5b4pre. But this solution only
> works if the page is still in the browser's history cache. Browsers
> can't keep pages in their cache forever -- it fills up and needs to be
It only needs to keep it as long as Back history is kept, and could get
rid of it as soon as this entry is removed from Back/Forward history.
>> * If it's not safe to resubmit, use status 303. I know it's not very
>> convenient, but can be implemented reasonably well and works with
>> existing browsers.
> The problem is that since HTTP is stateless, you don't have the data
> available to show a confirmation page.
You store the data on server side, and redirect to URL that contains
unique ID for this data.
It's just a few lines in PHP (and similar solutions shuold be possible in all web frameworks):
$id = uniqid();
$_SESSION[$id] = $_POST;
$_POST = $_SESSION[$_GET['id']];
This works even for multiple submissions done in parallel and it's pretty
secure and tamper-proof.
>> * If it's safe to resubmit, use PUT method (allowed in HTML 5), which
>> is idempotent by definition.
> Theoretically, but not really in practice. Someone else might have
> PUT something new at the URL since your last PUT, or DELETEd it, or
> otherwise done something to it. In that case, you'd overwrite their
> modifications. PUT is only practically idempotent if only one user is
> modifying the resource, as far as I can tell.
That's a good point.
Is it possible for HTML 5 spec to say that browsers may re-send PUT without asking? (and that authors should use PUT only when resending is not going to cause this problems).
regards, Kornel Lesinski
More information about the whatwg