Hi,

I'm having a django view, that works for GET and POST requests.

Basically une can view some data with GET
and add / moify data with a tiny form and POST

As the data can change I added a refresh button and this works fine.

The problem is just, that some users don't use it but insist on using
the F5 (reload) key of their browser.


F5 works also well if the previous request was a GET request.

However if the previous request was a POST request the browser rebosts
and fould thus add some data a second time.


Now my question:

How to fix this best I have some (untested) ideas, but am not sure
what's best.

1.) redirect to same url after post.
=======================================
I assume if I would redirect after the post, thet I would then have the
same page with a get request and subsequent reloads would thus work.

What I don't like is, that this would cause one request more to the
server and thus slightly increase he load of the server and reduce the
latency especially on slow networks (mobile phones)

2.) add some values into the form, which allow detecting a second post
======================================================================

I could add a hidden unique value to the post, which would allow me to
detect, that this post has been made already.
If I detect such a double POST, I could ignore it.



3.) Try to solve the issue on the browser side
==============================================

I'm not that experienced, but perhaps some javascript code in the
templates could ensure, that F5 is either blocked or converted to a GET
request???

Or perhaps js could change the url (adding a get parameter) such, that I
can detect a repost by F5



Please note:
What I try to do here is not protecting the site against malicious users.
I try to protect it against accidental reposts. The views in question
do allow multiple posts of the same data and this is useful if done
intentionally by a user. It should just not happen if somebody just
wants to refresh the screen with F5.








-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Reply via email to