preventing browser back-tracking and cache control

**Vince Morgan** · Feb 8 '08, 01:35 AM

Re: preventing browser back-tracking and cache control

"Acerola" <dh50@yahooo.co mwrote in message
news:dh50-A7F5AB.12222207 022008@news.us. easynews.com...

I did a quiz, where at the end, the user certifies. It was brought to my
attention that after certification, the user could just hit the back
button and submit another certification (for example, maybe a co-worker)
without going through the quiz.
>
There is no login involved. Is there a way, or, what is the best way to
prevent the user from going back?
>
I've tried:
>
header("Cache-Control: no-cache");
header("Cache-Control: no-store");

If you create a session, and an array entry such as $_SESSION['resubmit'] in
conjunction with a hidden input in your form you can detect cached
resubmissions.
I.e.;
if( ! isset($_SESSION['resubmit']))
{
$_SESSION['resubmit'] = $sub = 1;//make them equal;
}
if($_SESSION['resubmit']==$_REQUEST['resub'] or exit('Got yah'))
{
do stuff here
}
<form etc>
<input type="hidden" name="resub" value="<?php echo ++$sub ?>">
</form>
You can modify this slightly to allow further entries via same form without
allowing a refresh to add extraneous data.
HTH
Vince

preventing browser back-tracking and cache control

preventing browser back-tracking and cache control

Comment