[Catalyst] preserve the URL in browser box
Bill Moseley
moseley at hank.org
Thu Jan 19 16:03:43 CET 2006
On Thu, Jan 19, 2006 at 09:57:19AM +0100, A. Pagaltzis wrote:
> When the browser gets a redirect back from a POST, it forgets
> the POST. So a user clicking Back will go back the form, but
> if they then click Forward, the browser goes directly to the
> redirect target and does not attempt to repeat the POST.
If double posting can cause problems then I would also use some other
safeguard than just relying on the browser, such as a single use
token.
> (And please don???t use 302; in practice 302 works because
> browsers have to accomodate that everyone does this wrong, but
> 303 is the correct status to use, and is supported just as
> well.)
Would it be wise to check the http version and only send 303 on 1.1,
and otherwise fall back to 302?
--
Bill Moseley
moseley at hank.org
More information about the Catalyst
mailing list