NYCPHP Meetup

NYPHP.org

[nycphp-talk] Warning: Page has expired!!

Carlos A Hoyos cahoyos at us.ibm.com
Mon Aug 5 16:22:51 EDT 2002



Say you have a php page like this:

/* test.php */
<?php
if($submit){
      // process form
      echo("you typed: $myvariable");

} else {
      // print form
      echo "\
<FORM METHOD=POST ACTION=\\"http://localhost/test.php\\">";
      echo "\
<INPUT TYPE=\\"text\\" NAME=\\"myvariable\\">";
      echo "\
<INPUT TYPE=\\"submit\\" name=\\"submit\\" value=\\"submit\\">";
      echo "\
</FORM>";
}
?>

The first time you call this page it will execute the 'else' part, thus
printing the form.
If you hit the submit button, it will execute the if part. Now, if you hit
refresh, you will get a 'page expired' error.

So one work around:

/* test.php */
<?php
session_start();
if($submit){
      // process form
      session_register("myvariable");
      header("Location: http://localhost/test1.php");

} else {
      session_unregister("myvariable");
      // print form
      echo "\
<FORM METHOD=POST ACTION=\\"http://localhost/test.php\\">";
      echo "\
<INPUT TYPE=\\"text\\" NAME=\\"myvariable\\">";
      echo "\
<INPUT TYPE=\\"submit\\" name=\\"submit\\" value=\\"submit\\">";
      echo "\
</FORM>";
}
?>

and then,

/* test1.php */
<?php
session_start();
echo("you typed: ".$_SESSION["myvariable"]);
?>

when you hit submit, you will get test1.php on your browser, with the right
content from the posted variables. When you hit refresh, no 'page expired'
error.



                                                                                                                                    
                      Oktay Altunergil                                                                                              
                      <nyphp at altunergil        To:       NYPHP Talk <talk at nyphp.org>                                                
                      .com>                    cc:                                                                                  
                                               Subject:  Re: [nycphp-talk] Warning: Page has expired!!                               
                      08/05/2002 01:24                                                                                              
                      PM                                                                                                            
                      Please respond to                                                                                             
                      talk                                                                                                          
                                                                                                                                    
                                                                                                                                    



Might you be referring to a 'session expired' issues rather than the 'page
expired' issue caused by trying to post a form twice ? If not, please
elaborate cause I don't see how this method will fix the latter.

Oktay

On Mon, 05 Aug 2002 12:39:35 -0400
Carlos A Hoyos <cahoyos at us.ibm.com> wrote:

>
>
> I once wrote a task managing application where users would login to see
in
> the home page a queue of incoming tasks and work on them.
> Many users would hit the refresh button on home page, or hit the back
> button after reading a task, and because the home page was reached after
a
> login screen (username & password posted), they would get the "page has
> expired message", very annoying.
>
> The way I solved it:
> 1- I coded an authenticate function: User name & password get validated,
> and if OK, some important user data gets saved as session variables.
> 2- On top of each page, I call a validate function that starts the
session
> and checks the session variables in (1). If they're not registered, it
will
> display login page, otherwise continues with validation (acls,
> initialization, etc....)
>
> When user first logins (in index.php), I get their username/password via
a
> POST form. If authentication (2) returns true, I use "header" to forward
> them to the mainpage (main.php), free of all forms and thus, free of the
> "expired" problem when refresh/back buttons are hit.
>
> Because on top of mainpage validation function gets called, nobody can
> access it without passing first through authentication.
>
>
>
> So, you can save your post variables (either in the DB with session as a
> key, or link them to session variables (as cookies)) and then send a
header
> that forwards to a new php page that will fetch your variables and
display
> the page. Since this new page would not be associated to any post action
--
> your variables came from the DB, not from post --, reloading or going out
> and back in with the back button will not give any "expired" problem.
>
> Voila!!!!
>
>
>
>
>
>









More information about the talk mailing list