dongmei8460 2013-07-24 17:16
浏览 159
已采纳

Laravel 4:防止重新提交表单

I have gone through this question, but the answer posted their doesn't solve my problem.

The problem that occurs is that if the user hits the back button of the browser to return to the submitted form, the entered data persists and the user is able to "re-submit" the form. How can I prevent this behaviour (laravel's way)?

my route.php looks like

Route::group(array('after' => 'no-cache'), function()
{
Route::get('/', 'HomeController@index');
Route::ANY('/search','HomeController@search');
Route::get('user/login',array('as'=>'user.login','uses'=>'UserController@getLogin'));
Route::post('user/login',array('as'=>'user.login.post','uses'=>'UserController@postLogin'));
Route::get('user/logout',array('as'=>'user.logout','uses'=>'UserController@getLogout'));
Route::post('user/update/{id}',array('as'=>'user.update','uses'=>'UserController@userUpdate'));
Route::group(array('before' => 'auth'), function()
{
    Route::get('user/profile',array('as'=>'user.profile','uses'=>'UserController@getUserRequest'));
    Route::get('order/checkout','OrderController@checkout');
    Route::get('order/status',array('as'=>'order.status','uses'=>'OrderController@orderStatus'));
    Route::group(array('before' => 'csrf'), function()
    {
        Route::post('order/process','OrderController@process');
    });

});
}); 

filter.php

Route::filter('csrf', function()
{

if (Session::token() != Input::get('_token'))
{
    throw new Illuminate\Session\TokenMismatchException;
}
});
Route::filter('no-cache',function($route, $request, $response){

    header("Cache-Control: no-cache,no-store, must-revalidate"); //HTTP 1.1
    header("Pragma: no-cache"); //HTTP 1.0
    header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past

});

controller code

public function process(){        
    //data is saved to database
    Session::put('_token', md5(microtime())); 
    return Redirect::route('order.status');

}
public function orderStatus(){
    return View::make('orderStatus')->with('message','done');
}
  • 写回答

1条回答 默认 最新

  • doufei8250 2013-07-25 13:35
    关注

    The Shift Exchange:

    Are you sure your browser is not 'refreshing' the page when it presses 'back' - because of 'no-cache'? Try this: load the form, view the source, look @ the hidden token code. Then submit the form, press back, and @ look at the hidden token code - are they the same?

    Trying Tobemyself Rahu:

    no they aren't the same

    Then that is your answer! Your browser is 'refreshing' the page when you are pressing 'back'!

    So your code 'works' for most browsers - but whichever browser you are using is automatically refreshing the page on the 'back' - thus your token is being repopulated on the form. It is as is the user is 'revisiting' the form - so there is little you can do to stop this. It will work for most browsers...

    Or you can turn off the 'no-cache' for the form - or set it to like 5mins or something - so the browser will not refresh the page.

    Maybe have a 'form' cache filter - which is 5mins and a filter for all the other site - which is 0, something like that would be 'Laravel elegant' :)

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 stm32 函数调用问题
  • ¥15 yolov9的训练时间
  • ¥15 二叉树遍历没有报错但无法正常运行
  • ¥15 在linux系统下vscode运行robocup3d上场球员报错
  • ¥15 Python语言实验
  • ¥15 SAP HANA SQL 增加合计行
  • ¥20 用C#语言解决一个英文打字练习器,有偿
  • ¥15 srs-sip外部服务 webrtc支持H265格式
  • ¥15 在使用abaqus软件中,继承到assembly里的surfaces怎么使用python批量调动
  • ¥15 大一C语言期末考试,求帮助🙏🙏