Asp.net anti-Refresh repeated submission and anti-Rewind solution set!

Source: Internet
Author: User
Tags rewind

1. Disable the submit button after submission (such as csdn)
2. If data processing is successful, you will be redirected to another page immediately!

Refresh after the operation is indeed a problem. You can use to jump to the page and close this page. If there is a parameter data condition to control it, it should be done well. You can directly modify the window. the value of location to change all the parameter values. The above method is used.
 

Document. All ("Save _" + idx). Disabled = true;

A brother just asked this question very easily.
Before submitting the page, that is, before processing the database
If SESSION ("JY") = true then
Response. Write "error, submitting"
Response. End
End if
Release the session ("JY") after the database is processed ")
Session ("JY") = false
You can!

Use session or a troublesome method:

Use window. Open to pop up the form input page. Click Submit to close the page;

The ASP page for processing the submission is also displayed, that is, the target of the form is set to "submit_form" first, and the window is displayed when you click Submit. open ("XXX. ASP "," submit_form "), then use js to submit the form, and finally window. close ();

On the ASP page for processing the submitted data, after entering the data to the database, a dialog box is displayed, indicating "submitted successfully" or something. Finally, a window. Close () is displayed ();

Because for Windows. open. when close () is used to close the window, a prompt box will not pop up, and the window will be closed directly, so that the user has no chance to submit it again.

I don't know what this means.
 
 
2. If data processing is successful, you will be redirected to another page immediately!
This method is the simplest
 
(Borrow Principles)

First, we can define a session variable to save the Submission serial number of a form. Here I define it as "$ userlastaction ". Then add a Hidden variable to the form and set the value to $ userlastaction + 1:
<Input type = hidden name = lastaction value = <? = $ Userlastaction + 1?>
Finally, determine whether the form has been submitted before processing and submission:
If ($ lastaction> $ userlastaction and inputisvalid (...)){
$ Userlastaction ++; // Add 1 to the serial number
// Process form data
}
I always use this
Your background processing page, that is, the data receiving page. After performing the relevant operations, use the following statement:
Response. write ("<SCRIPT> alert ('data submitted successfully ****** '); window. location. href = 'address of the page to be redirected '; </SCRIPT> ")
In this way, the dialog box "data submitted successfully ******" is displayed.


Top

Respondent: arcow (Chong xing) () Credit: 100 17:09:40 score: 0


?
<Script language = "JavaScript">
<! --
Function input (OK)
{
VaR M1 = OK. replycontent. value;
If (M1 = ''){
Alert ('reply content cannot be blank .');
Return false;
}
OK. b1.disabled = true;
OK. b2.disabled = true;
Return true;
}
// -->
</SCRIPT>
<Form onsubmit = "Return input (this)">
<Input type = text name = replycontent>
<Input type = "Submit" value = "reply" border = "0" name = "B1">
<Input name = "B2" type = "reset" value = "re-write">
</Form>

In this way, submit and directly go to another page.
 
 
 
1. Submit and return historical records
Response. Write "<SCRIPT> alert ('OK! Added successfully! '); History. Back (); </SCRIPT>"
2. Go to this page after submission
Response. Redirect "index. asp"
 
Response. Write "<script language = JavaScript> alert ('submitted successfully! '); Window. Location. href =' "& request. servervariables (" http_referer ") &" '; </SCRIPT>"
========================================================== ===

Prevent web page bounce

When we add a database, if the database is allowed to be removed and the page is refreshed, the addition operation will be executed again, which is undoubtedly not what we need, as in general, there are a lot of online cache prohibitedCodeSometimes it is not reliable. You only need to add <body onbeforeunload = "window. location. replace ('')"> You can specify the new page to be targeted in the webpage, and then click back to see if it will not return to the previous operation page, actually, this history has been deleted.
======================================
Response. Buffer = true;
Response. expiresabsolute = datetime. Now. addseconds (-1 );
Response. expires = 0;
Response. cachecontrol = "no-Cache ";
============

How does session prevent page refresh and rollback?
 
 

 

Can the friend provide the error code? Thank you.

 
Reply to: duguyila (Lone Wolf) () Credit: 28 12: 35: 02z score: 0
 
 
?
Urgent! Up!

 
Top
 
Reply to: zyhowe (★☆Www.zyhowe.com ☆★) () Credit: 95 2003-03-18 12: 36: 43z score: 0
 
 
?
Sub expirepage
Response. Buffer = true
Response. expiresabsolute = now ()-1
Response. expires = 0
Response. cachecontrol = "no-Cache"
End sub

 
Top
 
Reply to: wangwanfu (wangwanfu) () Credit: 91 12: 39: 51z score: 0
 
 
?
Up

 
Top
 
Reply to: julyclyde (ASP versionCommunityStar) () reputation: 144 13: 01: 06z score: 0
 
 
?
Not available
The back operation belongs to the client. If you read the hard disk, the session cannot be managed at all.

 
Top
 
Reply to: duguyila (Lone Wolf) () Credit: 28 13: 02: 56z score: 0
 
 
?
Where is the above Code placed? How to call it?
Sorry, I am a newbie. Please take care of me more. Thank you.

 
Top
 
Reply to: jobine (yurendu) () Credit: 160 13: 07: 31z score: 0
 
 
?
<%
Response. Buffer = true
Response. expiresabsolute = now ()-1
Response. expires = 0
Response. cachecontrol = "no-Cache"
Response. addheader "Pragma", "No-Cache"
%>
Put it in the page header. Using session cannot prevent reverse refresh.

 
Top
 
Reply to: duguyila (Lone Wolf) () Credit: 28 13: 08: 22z score: 0
 
 
?
What about refreshing this function?
Can it be implemented?

 
Top
 
Reply to: zxhong (half-day transparent) () Credit: 202 13: 27: 23z score: 0
 
 
?
Prevent page refreshing: F5 and right-click can be blocked in Js.
ASP can pass database Verification
Session cannot be implemented.

 
Top
 
Reply to: jtmoon (Xiaoyao thieves) () Credit: 234 14: 35: 45z score: 0
 
 
?
Comprehensive inspection of "Disable the browser back button"
-4-12 mobile network pioneer

The browser's back button makes it easy for us to return to previously accessed pages, which is undoubtedly very useful. But sometimes we have to disable this function
Prevents users from disrupting the order of page access. This article describes various methods for disabling the browser's back button on the network, analyzes their respective advantages and disadvantages and
Usage.

I. Overview
Many people once asked, "How can we 'deactivate 'the browser's back button ?", Or "how can we prevent users from clicking the back button to return to the previous response ?"
Page ?" This is also one of the most frequently asked questions on the ASP forum. Unfortunately, the answer is very simple: we cannot disable browser fallback.
Button.

At first, I felt incredible that someone wanted to disable the browser's back button. Later, I saw that there were so many people who wanted to disable this and press
Button (only the back button is disabled, not the browser's forward button ). Because by default, after a user submits a form
Go back to the form page (instead of using the "edit" button !), Edit and submit the form again to insert a new record to the database. This is what we do not
Hope to see.

Therefore, I decided to find a way to avoid this situation. I visited many websites and referred to various implementation methods described by these websites. If you
I often visit ASP programming websites. You may have seen some of the content introduced in this article. The task in this article is to introduce all possible methods to you, and then find
The best way!

Ii. Disable caching

Among the many solutions I have found, it is recommended to disable page caching. Specifically, the server script is used as follows:

<%

Response. Buffer = true

Response. expiresabsolute = now ()-1

Response. expires = 0

Response. cachecontrol = "no-Cache"

%>

 

This method is very effective! It forces the browser to re-access the server download page instead of reading the page from the cache. When using this method, the programmer's master
The task is to create a session-level variable to determine whether the user can still view the page that is not suitable for access by the back button. Because
The browser no longer caches this page. When the user clicks the back button, the browser downloads the page again.ProgramYou can check the session variable to see if
Users should be allowed to open this page.

For example, suppose we have the following form:

<%

Response. Buffer = true

Response. expiresabsolute = now ()-1

Response. expires = 0

Response. cachecontrol = "no-Cache"

If Len (Session ("firsttimetopage")> 0 then

& Single; the user has accessed the current page, and now returns access again.

& Single; clear session variables and redirect users to the logon page.

Session ("firsttimetopage") = ""

Response. Redirect "/bar. asp"

Response. End

End if

& Single; if the program runs here, the user can view the current page

& Single; create a form from below

%>

<Form method = post action = "somepage. asp">

<Input type = submit>

</Form>

 

We use the session variable firsttimetopage to check whether the user has accessed the current page for the first time. If it is not the first time (that is, the session
("Firsttimetopage") contains a value.) then, we clear the value of the session variable and redirect the user to a start page. In this way, when the form
At the time of submission (sompepage. asp is enabled at this time), we must assign a value to firsttimetopage. That is, in somepage. asp, we need to add the following
Code:

Session ("firsttimetopage") = "no"

 

In this way, if a user who has already opened somepage. asp clicks the back button, the browser will re-request the server to download the page, and the server will check the session
("Firsttimetopage") contains a value, so the session ("firsttimetopage") is cleared and the user is redirected to another page. Of course, all
All of this requires the user to enable the cookie, otherwise the session variable will be invalid. (For more information about this problem, see for session variables.
To work, must the web visitor have cookies enabled ?)

In addition, we can also use the client code to make the browser no longer cache web pages:

<HTML>

<Head>

<Meta http-equiv = "expires" content = "0">

<Meta http-equiv = "cache-control" content = "no-Cache">

<Meta http-equiv = "Pragma" content = "no-Cache">

</Head>

 

If you use the above method to force the browser to stop caching web pages, pay attention to the following points:

"Pragma: No-Cache" prevents the browser from caching pages only when secure connections are used. For pages that are not protected by security, "Pragma: No-Cache"
It is considered to be the same as "expires:-1". In this case, the browser still caches the page, but marks the page as expired immediately.
In IE 4 or 5, the cache-control meta HTTP-EQUIV tag is ignored and does not work.
We can add all the code in practical applications. However, this method is not recommended because it cannot be applied to all browsers. However
In an Intranet environment, the administrator can control which browser the user uses. I think someone will use this method.

Iii. Other Methods

Next we will discuss the method to move the button back itself as the center, rather than the browser cache. Here is an articleArticleRewiring The back button is very
It is worth your reference. However, if this method is used, even if you click the back button, the user will not see the previous data input page
This is not the expected result because stubborn users can always find a way to bypass preventive measures.

Another way to disable the back button is to open a window without a toolbar with client JavaScript, which makes it difficult for users to return to the previous page,
Not impossible. A safer but rather annoying method is to open a new window when the form is submitted, while closing the window where the form is located. But I think
This method is not worth considering, because we cannot open a new window every time a user submits a form.

So, can we add JavaScript code to the page we don't want the user to return? The javascript code added to this page can be
It is used to produce the effect of clicking the forward button, which offsets the action generated by the user clicking the back button. The javascript code used to implement this function is as follows:
As shown in:

<Script language = "JavaScript">

<! --

Javascript: window. History. forward (1 );

// -->

</SCRIPT>

 

Similarly, although this method is effective, it is still far from the "best method. Later, I saw someone suggested using location. Replace from
Go to another page. The principle of this method is to replace the current historical record with the URL of the new page, so that there is only one page in the browsing history record.
The return button will never become available. I think this may be the method that many people are looking for, but it is still not the best method in any situation. This
The method example is as follows:

<A href = "pagename.htm" onclick = "javascript: location. Replace (this. href );

Event. returnvalue = false; ">

Do not go back to the link on this page </a>

 

Try the following link:

Do not go back to the link on this page!

The disadvantage of this method is that simply using response. Redirect will no longer work, because every time a user transfers from one page to another,
We must use the client code to clear location. History. Note that this method clears the last access history, not all
.

Click the link above to open a simple HTML page. Click the back button. You can see that this page is not opened, but the current page.
Previous Page! (Of course, you must enable the client JavaScript code in the browser .)

After careful searching, I found that I still cannot find a way to completely disable the browser's back button. All methods described here
Users can be prohibited from returning to the previous page in different ways to varying degrees, but they all have their own limitations. Because the button does not exist, you can disable the button.
So the best solution is to mix client scripts and server scripts.

 
Top
 
Reply to: julyclyde (ASP community star) () Credit: 144 18: 36: 58z score: 0
 
 
?
The above is so long that only one sentence is useful.
That is:
I still cannot find a way to completely disable the browser's back button

 
 
Questions about page refresh (move back and try again !)
 
 

 

That is, I have an "APPEND" button on my webpage. Each added function needs to be matched in a CSV file to see if it exists. If it exists, it can be added to the table normally, otherwise, the system prompts that the function does not exist!
I am using CGI. In CGI processing, a label is added to JS. If the function does not exist, the label is //, indicating that this statement is closed, if a label is a space, this alert statement is not affected!
But now there is a problem in IE display! The page is displayed normally, but if you click back to move forward, the alert window will pop up! My JS function is called in onload (). It is called when the screen is displayed !!
How can this problem be solved !!!!? Thank you!

 
Reply to: hrong (Huang Rong was banned) () Credit: 103 22: 28: 02z score: 20
 
 
?
Set the page to not cache on the client:
Html
<Meta HTTP-EQUIV = "Pragma" content = "no-Cache">
<Meta HTTP-EQUIV = "cache-control" content = "no-cache, must-revalidate">
<Meta HTTP-EQUIV = "expires" content = "wed, 26 Feb 1978 08:21:57 GMT">

 
Top
 
Reply to: supere (humbly asking for advice) () Credit: 69 2003-11-24 22: 49: 15z score: 20
 
 
?
You can force the page not to be cached.

The webpage will not be cached

Htm webpage
<Meta HTTP-EQUIV = "Pragma" content = "no-Cache">
<Meta HTTP-EQUIV = "cache-control" content = "no-cache,

Must-revalidate ">
<Meta HTTP-EQUIV = "expires" content = "wed, 26 Feb 1997

08:21:57 GMT ">
Or <meta HTTP-EQUIV = "expires" content = "0">
ASP Web Page
Response. expires =-1
Response. expiresabsolute = now ()-1
Response. cachecontrol = "no-Cache"
PHP webpage
Header ("expires: Mon, 26 Jul 1997 05:00:00 GMT ");
Header ("cache-control: No-cache, must-revalidate ");
Header ("Pragma: No-Cache ");

 
Top
 
Reply to: nakusakula (121) () Credit: 100 2003-11-25 02: 01: 16z score: 0
 
 
?
<Meta HTTP-EQUIV = "Pragma" content = "no-Cache">
<Meta HTTP-EQUIV = "cache-control" content = "no-cache, must-revalidate">
<Meta HTTP-EQUIV = "expires" content = "wed, 26 Feb 1978 08:21:57 GMT">
Can I join this? No-Cache are all fixed calls? Wed, 26 Feb 1978 08:21:57 GMT is this item required?

 
Top
 
Reply to: colee (romantic surprise) () Credit: 102-11-25 10: 07: 30z score: 10
 
 
?
The expiration time must be set before the current time.

 
Top
 
Reply to: nakusakula (121) () Credit: 100-11-26 11: 13: 48z score: 0
 
 
?
Okay. Thank you !! Solve the problem!

 
Top
 
 
 

This problem has been fixed, score records: hrong (20), supere (20), colee (10 ),
 
 

How can I Invalidate the "back" and "refresh" buttons of a webpage?
 
 

 

I randomly selected some questions on a webpage and called the clock timing in onload. Once the clock is refreshed, the countdown starts again, and the randomly selected question changes. If you move back, the entered answer is still there, and the clock starts again. So how can I disable the backend and refresh buttons of a webpage?

 
Reply to: leo1999 (definitely care about you) () Credit: 89 12: 11: 27z score: 0
 
 
?
Simply don't want them.

Use window. open () to open it.

 
Top
 
Respondent: duanyuana (yufei) () Credit: 100 12: 13: 50z score: 0
 
 
?
I made an examination system and had such problems.

 
Top
 
Reply to: Mustapha (O ~ U gain) () reputation: 84 12: 15: 00Z score: 0
 
 
?
Use window. open () has a problem. First, use the program to control the original window to turn it off (windows. there will be a prompt before close, and then use window in the Opened Window. open (), the specified window size is invalid.

 
Top
 
Respondent: piaomiao_jxz (heixinyu) () Credit: 95 13: 11: 23z score: 0
 
 
?
You should make it possible that when a candidate enters the system, it will randomly take a fixed examination paper, no matter how many times he refreshes, the examination questions will not change.
To keep others behind, I only think of window. open (). Let it go backwards.

 
Top
 
Respondent: whcasp (Smile Life) () Credit: 94 13: 18: 31z score: 0
 
 
?
Buffer = false

 
Top
 
Respondent: dgsrest () Credit: 91 13: 24: 06z score: 0
 
 
?
Disable page caching. Specifically, the server script is used as follows:
<%
Response. Buffer = true
Response. expiresabsolute = now ()-1
Response. expires = 0
Response. cachecontrol = "no-Cache"
%>
 

 
Top
 
Respondent: piaomiao_jxz (heixinyu) () Credit: 95 11: 13: 47z score: 0
 
 
?
The browser's back button makes it easy for us to return to previously accessed pages, which is undoubtedly very useful. But sometimes we have to disable this function to prevent users from disrupting the order of page access. This article describes various methods for disabling the browser's back button on the Internet, and analyzes their advantages and disadvantages and applicable scenarios.

I. Overview
Many people once asked, "How can we 'deactivate 'the browser's back button ?", Or "how can we prevent users from clicking the back button to return to previously browsed pages ?" This is also one of the most frequently asked questions on the ASP forum. Unfortunately, the answer is very simple: we cannot disable the browser's back button.

At first, I felt incredible that someone wanted to disable the browser's back button. Later, I was relieved to see that there were so many people who wanted to disable this button (only the back button, not the browser's forward button ). By default, after submitting a form, you can use the back button to return to the form page (instead of using the "edit" button !), Edit and submit the form again to insert a new record to the database. This is what we don't want to see.

Therefore, I decided to find a way to avoid this situation. I visited many websites and referred to various implementation methods described by these websites. If you frequently access ASP programming websites, you may have seen some of the content introduced in this article. The task in this article is to introduce all possible methods and find the best method!

Ii. Disable caching

Among the many solutions I have found, it is recommended to disable page caching. Specifically, the server script is used as follows:

<%

Response. Buffer = true

Response. expiresabsolute = now ()-1

Response. expires = 0

Response. cachecontrol = "no-Cache"

%>

This method is very effective! It forces the browser to re-access the server download page instead of reading the page from the cache. When using this method, the programmer's main task is to create a session-level variable, using this variable to determine whether the user can still view the page that is not suitable for access through the back button. Because the browser no longer caches this page, when the user clicks the back button, the browser will re-download the page, then the program can check the session variable to see whether the user should be allowed to open this page.

For example, suppose we have the following form:
<%

Response. Buffer = true
Response. expiresabsolute = now ()-1
Response. expires = 0
Response. cachecontrol = "no-Cache"
If Len (Session ("firsttimetopage")> 0 then
& Single; the user has accessed the current page, and now returns access again.
& Single; clear session variables and redirect users to the logon page.
Session ("firsttimetopage") = ""
Response. Redirect "/bar. asp"
Response. End
End if
& Single; if the program runs here, the user can view the current page
& Single; create a form from below
%>
<Form method = post action = "somepage. asp">
<Input type = submit>
</Form>

We use the session variable firsttimetopage to check whether the user has accessed the current page for the first time. If it is not the first time (that is, the session ("firsttimetopage") contains a value), we will clear the value of the session variable and redirect the user to a start page. In this way, when the form is submitted (sompepage. asp is opened at this time), we must assign firsttimetopage a value. That is, we need to add the following code in somepage. asp:

Session ("firsttimetopage") = "no"

In this way, the somepage has been enabled. if ASP users click the back button, the browser will re-request the server to download the page. The server checks that session ("firsttimetopage") contains a value, so the session ("firsttimetopage") is cleared "), and redirect the user to other pages. Of course, all of this requires the user to enable the cookie, otherwise the session variable will be invalid. (For more information about this issue, see for session ariables.
To work, must the web visitor have cookies enabled ?)
In addition, we can also use the client code to make the browser no longer cache web pages:

<HTML>
<Head>
<Meta http-equiv = "expires" content = "0">
<Meta http-equiv = "cache-control" content = "no-Cache">
<Meta http-equiv = "Pragma" content = "no-Cache">
</Head>

If you use the above method to force the browser to stop caching web pages, pay attention to the following points:
"Pragma: No-Cache" prevents the browser from caching pages only when secure connections are used. For unprotected pages, "Pragma: No-Cache" is considered to be the same as "expires:-1". In this case, the browser still caches the page, but marks the page as expired immediately. In IE 4 or 5, the cache-control meta HTTP-EQUIV tag is ignored and does not work.
We can add all the code in practical applications. However, this method is not recommended because it cannot be applied to all browsers. However, in an Intranet environment, the administrator can control which browser the user uses. I think someone will use this method.

Iii. Other Methods
Next we will discuss the method to move the button back itself as the center, rather than the browser cache. Here is an article rewiring the back button for reference. However, I have noticed that if this method is used, even though the user does not see the previous data input page when clicking the back button, it only needs to be clicked twice, which is not the expected effect, many times, stubborn users can always find a way to bypass preventive measures.
Another way to disable the back button is to open a window without a toolbar with client JavaScript, which makes it difficult for users to return to the previous page, but not impossible. A safer but rather annoying method is to open a new window when the form is submitted, while closing the window where the form is located. However, I think this method is not worth considering, because we cannot open a new window every time a user submits a form.
So, can we add JavaScript code to the page we don't want the user to return? The javascript code added to this page can be used to produce the effect of clicking the forward button, which offsets the action generated by clicking the back button. The javascript code used to implement this function is as follows:
As shown in:

<Script language = "JavaScript">
<! --
Javascript: window. History. forward (1 );
// -->
</SCRIPT>

Similarly, although this method is effective, it is still far from the "best method. Later, I saw someone suggested using location. Replace to switch from one page to another. The principle of this method is to replace the current history with the URL of the new page, so that there is only one page in the history browsing, and the back button will never become available. I think this may be the method that many people are looking for, but it is still not the best method in any situation. The example using this method is as follows:

<A href = "pagename.htm" onclick = "javascript: location. Replace (this. href );

Event. returnvalue = false; ">

Do not go back to the link on this page </a>
Do not go back to the link on this page!
The disadvantage of this method is that simply using response. Redirect will no longer work, because every time a user transfers from one page to another, we must use the client code to clear location. History. Note that this method clears the last access history, not all access records.
Click the link above to open a simple HTML page. Click the back button to open the page instead of the page! (Of course, you must enable the client JavaScript code in the browser .)
After careful searching, I found that I still cannot find a way to completely disable the browser's back button. All the methods described here can prohibit users from returning to the previous page in different ways to varying degrees, but they all have their own limitations. Because there is no way to completely disable the back button, the best solution should be to mix client scripts and server scripts.
<HTML>
<Head>
<Meta http-equiv = "expires" content = "0">
<Meta http-equiv = "cache-control" content = "no-Cache">
<Meta http-equiv = "Pragma" content = "no-Cache">
</Head>

 

<Script language = "JavaScript">
<! --
Javascript: window. History. forward (1 );
// -->
</SCRIPT>

 
Top
 
Respondent: cabecbbc () Credit: 100 11: 56: 06z score: 0
 
 
?
We recommend that you do not use a countdown clock. Use a regular timer ,,,,

the countdown increases the pressure on the examinee and the score decreases.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.