- From: Aryeh Gregor <Simetrical+w3c@gmail.com>
- Date: Sun, 24 May 2009 11:50:38 -0400
On Sun, May 24, 2009 at 11:41 AM, Kornel Lesinski <kornel at geekhood.net> wrote: > It only needs to keep it as long as Back history is kept, and could get > rid of it as soon as this entry is removed from Back/Forward history. In practice, that history can be kept for a long time. Even if the tab is closed, "undo close tab" still keeps the history. Even if the browser closes, the old session may be kept in newer browsers. But as long as it's kept for long enough that it's very rare to see the message, I don't think it's a big problem. > You store the data on server side, and redirect to URL that contains > unique ID for this data. > > It's just a few lines in PHP (and similar solutions shuold be possible in all web frameworks): > > $id = uniqid(); > $_SESSION[$id] = $_POST; > header("Location: [?]/result.php?id=$id",false,303); > > and later: > > $_POST = $_SESSION[$_GET['id']]; > > This works even for multiple submissions done in parallel and it's pretty > secure and tamper-proof. That does seem like a pretty good solution. Perhaps Mike Wilson can point out the problems with it. > Is it possible for HTML 5 spec to say that browsers may re-send PUT without asking? (and that authors should use PUT only when resending is not going to cause this problems). When would that be?
Received on Sunday, 24 May 2009 08:50:38 UTC