Bernard Lange <bernard <at> man.poznan.pl> writes:

> I would suggest adding the redirect-after-POST pattern
> <http://www.theserverside.com/tt/articles/article.tss?l=RedirectAfterPost>,
> to circumvent subsequent form submissions.
>
> It is especially desirable for the login screen form, because at
> present it is unsafe. (please check the following sequence: login ->
> logout -> back button -> refresh : voilà! your account was stolen)

Thanks, Bernard. What you've said sounds very logical, but I can't recreate the situation described. I tried 3 different browsers but in each case the Refresh button produced a GET and not a POST. Can you tell me more?

Geoff
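
The redirect-after-POST pattern discussed in this thread, as an added example that is not part of either message or of the project's code: a constructed Python request handler in which the login POST answers with a 303, so the browser's history entry is a GET that carries no credentials. The route names, the demo account and `replay_sequence` are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed demo account; a real application verifies against a password hash store.
USERS = {"alice": "correct horse"}
SESSIONS = {}  # session id -> username

def handle(method, path, form=None, cookies=None):
    """Return (status, headers, body) for one request."""
    form, cookies = form or {}, cookies or {}
    user = SESSIONS.get(cookies.get("sid", ""))
    if method == "POST" and path == "/login":
        expected = USERS.get(form.get("username", ""))
        supplied = form.get("password", "")
        if expected is None or not hmac.compare_digest(expected.encode(), supplied.encode()):
            return 303, {"Location": "/login?failed=1"}, ""
        sid = secrets.token_urlsafe(32)
        SESSIONS[sid] = form["username"]
        # Never render a page in the POST response: redirect, so Refresh repeats a GET.
        cookie = f"sid={sid}; HttpOnly; SameSite=Lax; Path=/"
        return 303, {"Location": "/home", "Set-Cookie": cookie}, ""
    if method == "POST" and path == "/logout":
        SESSIONS.pop(cookies.get("sid", ""), None)  # invalidate server-side
        return 303, {"Location": "/login", "Set-Cookie": "sid=; Max-Age=0; Path=/"}, ""
    if method == "GET" and path == "/home":
        if user is None:
            return 303, {"Location": "/login"}, ""
        return 200, {"Cache-Control": "no-store"}, f"Welcome, {user}"
    if method == "GET" and path.startswith("/login"):
        return 200, {"Cache-Control": "no-store"}, "<form method=post action=/login>...</form>"
    return 404, {}, ""

def replay_sequence():
    """login -> logout -> back button -> refresh, as a browser would replay it."""
    _, headers, _ = handle("POST", "/login", {"username": "alice", "password": "correct horse"})
    sid = headers["Set-Cookie"].split(";")[0].split("=", 1)[1]
    # A browser follows a 303 with a GET; that GET is the entry Back/Refresh repeat.
    history_entry = ("GET", headers["Location"])
    handle("POST", "/logout", cookies={"sid": sid})
    # Worst case: the old cookie is still sent, but the session no longer exists.
    return handle(*history_entry, cookies={"sid": sid})

if __name__ == "__main__":
    print(replay_sequence())
```
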