Re editing... this question has NOT been answered before!
I had understood that changing the contents of a current page with window.location replaced the cached version of the original page ( from the "last" history), so that you really couldn't go back with the browser BACK button. I had even seen this posted as a solution to preventing a malicious visitor from using the BACK button to to re-submit a mail form many times. But it is NOT workable because in the case of a mail form, the BACK button will just take the user back to the pre-POST version of the page.
So, I can use javascript to reset the form, disable the SUBMIT button, change to another page after success, or do whatever I want to the page. But its all for nothing if a simple click of the BACK button followed by SUBMIT causes the form to post again with just 2 clicks.
I know there are a lot of solutions to preventing malicious form resubmissions I can try, but I've had trouble getting them to work, and so I'd just like to know if removing the last history is a dead end. If there is a way, and it is pretty cross browser friendly, then I can just make it part of my scripted actions once my form is successfully processed, and my "thank you" page displays. Basically I'd want my "thank you" page's 'onload' event to either erase the last history, or in a browser compatible way disable the BACK button!
For what its worth, I've included code from simple test I've been working with. You can put some junk in the fields and hit submit. The vars are cleared in the PHP, the form fields are force cleared in javascript, and a new 'location' is invoked. Unfortunately, hitting BACK button will take you back to the "pre-posted" form, with all the strings you added still intact.
<!DOCTYPE HTML>
<html>
<head>
<title> Form Behavior Test</title>
</head>
<!--
<?php
$name = $email = $comments = "";
$formDone = false;
if ($_SERVER["REQUEST_METHOD"] == "POST" )
{
$formDone = true;
$name = $email = $comments = "";
}
?>
-->
<body >
<table border="1"><tr><td style ="text-align:right;" width=100%>
<form name="contactform" id="contactform" method="post" enctype="multipart/form-data" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
Name: <input type="text" name="name" id="name" value="<?php echo $name;?>"><br>
Email: <input type="text" name="email" id="email"value="<?php echo $email;?>"><br>
<br>
<div align="center"> ---- <span class="error">*</span> Message ---- <br>
<textarea name="comments" id="comments" wrap="physical" cols="40" rows="10" ><?php echo $comments;?></textarea>
</div>
<input name="submit" id="submit" type="submit" value="Submit" >
</form>
</td></tr></table>
<script language="JavaScript">
if (<? echo ($formDone == true) ? 'true' : 'false'; ?>)
{
document.getElementById("name").value = "";
document.getElementById("email").value = "";
document.getElementById("comments").value = "";
document.getElementById("submit").value="Disabled";
document.getElementById("submit").disabled=true;
// substitute with a thank you page
window.location = "http://google.com";
}
</script>
</body>
</html>
答案 0 :(得分:0)
经过详尽的搜索,我不相信有任何方法可以从历史记录中删除页面,除了支持更新的HTML-5历史记录方法的最新浏览器。我仍然对解决方案持开放态度,但此时我觉得最简单的事情就是在我的PHP代码处理成功的电子邮件时随时设置cookie。然后,我也可以让PHP或javascript片段查找cookie,如果找到,我可以采取各种操作...擦除所有填充的字段(如果按下BACK按钮将会是这样),阻止电子邮件,礼貌地通知用户他/她必须等待(直到我的cookie到期)通过表格发送另一封电子邮件等。
我最初不想这样做,因为BACK按钮实际上没有重新加载页面,只是显示它。如果有一个通用浏览器兼容的方式来使后退按钮实际重新加载的页面,这开始就不会是一个问题。因此,即使使用cookie,我的防御动作也无法激活,直到按下SUBMIT按钮。我想我可以忍受。而且,即使在今天,也有些人对饼干偏执并将其关闭。但是,如果我想坚持下去,我可以检测到何时无法设置cookie,并告知用户使用我的电子邮件表单需要cookie。如果这太划算了,那就太好了!
感谢那些贡献的人。事实是,答案的缺乏有时是一个非常有用的答案。当我在任何stackoverflow论坛上发帖并且没有得到任何答案时,它是一个很好的红旗,如果我不考虑替代方法,事情会变得非常快! : - )