hitting f5 after clicking the submit button

cali_dotcom

i have a php application where users can apply for a bonus. but there is a confirmation page before the bonus redemption code runs. the issue is that in IE, if you hit f5 right after you click the continue button, the confirmation page refreshes while the bonus redemption code had already been triggered by the continue button and actually goes through. but because the user still sees the confirmation page, they would hit the continue button again and now they get an error cause they are already registered.

is there a way i can disable the f5 button using javascript? is this the best way to go about this? i have tried many scripts i found online to do this, but none of them achieves it. is there a better way i can go about this? perhaps from the application side?

any input will be appreciated.

traq

You need to be addressing this in your application, not in the user's browser. The confirmation page needs to be smart enough to simply show the same redemption code again instead of showing an error.

Weedpacket

As traq says, this is something that needs to be handled by the application; a double-submission could happen for other reasons that disabling bits of the user's normal and expected interface won't guard against.

A thread started seven hours ago in this forum on just this subject is Prevent Back Refresh from submitting data.

cali_dotcom

this is kind of hard to handle at the application level because when u hit f5 when the page is reloading, the loading cant be stopped but the user is still brought back to the confirmation page unaware that the submission has already gone thru. then they hit submit again.

traq

You cannot effectively control the user's browser, nor should you try. This is the responsibility of the user. Allowing developers to take over creates security risks (remember 1999, when sites could open endless alert boxes and popups to prevent you from navigating away from their site?). Even if you managed to create a script that blocks the F5 button, browser vendors would be hard at work closing whatever bit of code you exploited to do it, and users (security-minded ones, anyway) would be mad at you. You need to handle this on the server-side, not the client-side.

Did you read the other thread that weedpacket linked to? The same concept applies. Your form needs to include a "token" so your scripts can recognize it. When a form is successfully processed, save the results. If the same form is submitted again, don't show an error: show the results from the first time.