http post - show "webpage has expired" on back button

Question

What is the requirement for the browser to show the ubiquitous "this page has expired" message when the user hits the back button?

What are some user-friendly ways to prevent the user from using the back button in a webapp?

Answer 1

Well, by default whenever you're dealing with a form POST, and then the user hits back and then refresh then they'll see the message indicating that the browser is resubmitting data. But if the page is set to expire immediately then they won't even have to hit refresh and they'll see the page has expired message when they hit back.

To avoid both messages there are a couple things to try:

1) Use a form GET instead. It depends on what you're doing but this isn't always a good solution as there are still size restrictions on a GET request. And the information is passed along in the querystring which isn't the most secure of options.

-- or --

2) Perform a server-side redirect to a different page after the form POST.

Looks like a similar question was answered here:

Redirect with a 303 after POST to avoid "Webpage has expired": Will it work if there are more bytes than a GET request can handle?

As a third option one could prevent a user from going back in their browser at all. The only time I've felt a need to do this was to prevent them from doing something stupid such as paying twice. Although there are better server-side methods to handle that. If your site uses sessions then you can prevent them from paying twice by first disabling cache on the checkout page and setting it expire immediately. And then you can utilize a flag of some sort stored in a session which will actually change the behavior of the page if you go back to it.