More About Post-Redirect-Get

Since using Post-Redirect-Get does not prevent someone deliberately resubmitting the same data a second time (or more) I will start by stating that what follows assumes that you have already built safeguards into your code to ensure that resubmitting the same data is appropriately handled regardless of how that double submission is done.

What this means is thatmany browsers will not have any issues with using the Back and Forward buttons to navigate between web pages regardless of whether those pages are the destination of posted data or not.The most commonly used browsers that will not just allow you to navigate to pages that have post data the same as for any other pages are the various versions of Internet Explorer. In those browsers instead of displaying the web page immediately the browser instead issues a warning that displaying the page will reprocess the data that was posted to it.

Now since you have your pages constructed in such a way that resubmitting the same data is correctly handled on the back end the warning message that IE produces is unnecessary as we know that it doesn't matter if the browser reprocesses the data.Other browsers do not produce this warning and we do not care whether those browsers do or don't reprocess the data sent to them.

What this means is that our use of Post-Redirect-Get is going to be there primarily to get rid of the warning messages in Internet Explorer. It is unnecessary in all the browsers that do not produce the warning because we don't need it to eliminate the possibility of data being accidentally resubmitted because we have our code set up to correctly handle when the data is deliberately resubmitted (something Post-Redirect-Get can't prevent).

Now using Post-Redirect-Get is very straightforward when we can split the processing into two parts where the first part processes the pst data and the second part displays the new web page without needing any of the data from the first part in order to do so. All we do there is to split the actual processing into two separate web pages where the first does the processing and then does a 303 redirect to the second page which displays in the browser.

The problem arises where we need data to be passed from the first part of this process to the second part. Now there are two ways we can pass this data - we can use session variables or we can generate a querystring containing the data and add it to the end of the URL when we do the redirect. What we can't use to pass the data from one to the other is Post since avoiding the associated problems with post is what the redirect and get are there for in the first place.

Now session variables may work successfully for this purpose where you are concerned with just a single standalone form where the person may go back to the form after submitting it. The problem with using session variables arises though where you have more than one lot of post data and your visitors can go back through several such forms. Then you have the issue of making sure that the session variables created when one form is submitted do not overwrite session variables created when another form (or the same form with different data) is submitted. With an application you could soon end up with thousands of session variables and unless you add something in the querystring of each page to identify which group of session variables to apply will soon have the pages lose track of what data it is that they are supposed to be displaying.

Since you are going to need something in the querystring anyway, it may be simpler to just copy all of the post variables into the querystring right at the start when you do the redirect. That way you will not need any special code to handle where the person has hit the back button a dozen times wanting to backtrack through all of the updates they have submitted using the same form since each URL stored in the history will have all of the associated data attached to it for the back button to collect without it havinh to read anything special.

If you do take this approach then your page display processing will need to read in the same Get data as the update processing that precedes it reads Post data.

When you consider that you are doing all this just to avoid a few warning messages in Internet Explorer it may not be worth doing - particularly if it is in a section of your site where only a few people have access and where those who do can easily choose to use a different browser that does not produce the warnings in the first place.


This article written by Stephen Chapman, Felgall Pty Ltd.

go to top

FaceBook Follow
Twitter Follow