Lets try that again.. this time without the accidental hit on the send button.
On 1/6/07, paulh <[EMAIL PROTECTED]> wrote:
The subject is a phrase cut from one of the Django tutorials. In this tutorial the authors say that after successfully processing POST data you should return an HttpResponseRedirect and that this will prevent the user using the back button and taking the action again. I have messed around with the newforms library a bit, but I can't figure out quite how to achieve the effect described above whereby the user is denied use of the back button.
You appear to have misunderstood the intent of this passage (or the tutorial isn't clear enough). The redirect isn't there to _deny_ access to the back button; the redirect pushes the user to another page, so if they _do_ hit the back button, what the browser displays is the HTTP GET that returned the original form, not the HTTP POST that submitted the form data. If the last page in the browser history was obtained in response to a HTTP POST, pressing back in the browser causes the POST to be resubmitted, which results in the form values being resubmited. You may have seen this on (badly written) web sites that have 'Please don't use the back button' warnings on them. They do this because in the absence of a redirect, when you _do_ press the back button, you get browser generated dialog boxes requesting whether you want to resubmit old POST data. If your history contains multiple POSTs in a row, then each hit on the back button resubmits older and older data to the server. By including the redirect, the browser history only contains the HTTP GETs, which don't modify the server, so the user can use their browser history without accidentally resubmitting old form data. I hope this answers your question. If you need any more explanation, let us know; if everything is now clear, any suggestions you have on how to clarify this section of the tutorial would be greatfully accepted. Yours, Russ Magee %-) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
