I have gone through this question, but the answer posted their doesn't solve my problem.
The problem that occurs is that if the user hits the back button of the browser to return to the submitted form, the entered data persists and the user is able to "re-submit" the form. How can I prevent this behaviour (laravel's way)?
my route.php looks like
Route::group(array('after' => 'no-cache'), function()
{
Route::get('/', 'HomeController@index');
Route::ANY('/search','HomeController@search');
Route::get('user/login',array('as'=>'user.login','uses'=>'UserController@getLogin'));
Route::post('user/login',array('as'=>'user.login.post','uses'=>'UserController@postLogin'));
Route::get('user/logout',array('as'=>'user.logout','uses'=>'UserController@getLogout'));
Route::post('user/update/{id}',array('as'=>'user.update','uses'=>'UserController@userUpdate'));
Route::group(array('before' => 'auth'), function()
{
Route::get('user/profile',array('as'=>'user.profile','uses'=>'UserController@getUserRequest'));
Route::get('order/checkout','OrderController@checkout');
Route::get('order/status',array('as'=>'order.status','uses'=>'OrderController@orderStatus'));
Route::group(array('before' => 'csrf'), function()
{
Route::post('order/process','OrderController@process');
});
});
});
filter.php
Route::filter('csrf', function()
{
if (Session::token() != Input::get('_token'))
{
throw new Illuminate\Session\TokenMismatchException;
}
});
Route::filter('no-cache',function($route, $request, $response){
header("Cache-Control: no-cache,no-store, must-revalidate"); //HTTP 1.1
header("Pragma: no-cache"); //HTTP 1.0
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
});
controller code
public function process(){
//data is saved to database
Session::put('_token', md5(microtime()));
return Redirect::route('order.status');
}
public function orderStatus(){
return View::make('orderStatus')->with('message','done');
}
