On Friday 25 October 2002 9:51 am, Octavian Rasnita wrote: > Hi all, > > I've made a script that displays 2 forms one after another, then the result > page. > It works like a Wizard from Windows. > > In the first page, I print a form for getting the username and the > password, and if these are good, the script prints the second form with > some private data. > After submitting the second form, the script prints the result page. > > If the browser is not closed, and another visitor presses the back button > of the browser, they see the private data. > > I put the following header in that second page: > print $q -> header(-expires => 'now', '-Cache-Control' => 'no-cache'); > > After this, if the visitors go back to view the second page, the browser > tells that the page expired, but if the visitors refresh the page, they can > see the private data from the second form. > > > I guess the username and the password are sent again from the first form. > > How can I stop this? > > I also tried to put that header for not caching the first page, but ... > same results. > > If I try to view the first page by pressing the back button one more time, > the username is not displayed, but if I just refresh the second page, the > username and password are sent. > > In the first page I use the post method in the form. > > Thank you. > > > > Teddy's Center: http://teddy.fcc.ro/ > Email: [EMAIL PROTECTED]
Try: print $q->header(-pragma=>'no-cache'); Your document will still be cached, but the web cache will check to see if there's a newer version first, and if not, show the stored document. Apparently, there's more info about pragmas at www.w3.org, specifically RFC2616 (ftp://ftp.isi.edu/in-notes/rfc2616.txt). I haven't been able to prove this though since the Network Officer where I work has disabled FTP on the proxy :-( Disclaimer: I haven't tested this out myself, so if it doesn't work - don't blame me! I'm just regurgitating what I've read in a couple of really good books. -- Geraint Jones -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]