RTC Forums
November 01, 2024, 01:37:45 AM *
Welcome, Guest. Please login or register.

Login with username, password and session length
 
   Home   Help Login Register  
Pages: [1]
  Print  
Author Topic: Stop POST when refreshing the page  (Read 4386 times)
clockon
RTC Expired
*
Posts: 22


« on: April 30, 2014, 01:06:20 PM »

hi

does anyone know if there is a way to stop or know if a page is POST'ing from a page refresh? e.g. submit a page and save changes, press F5 and the page wants to POST again rather than GET. I have read a few different ways for other systems but wanted to see if anyone has come up with a neat way for RTC?
Logged
D.Tkalcec (RTC)
Administrator
*****
Posts: 1881


« Reply #1 on: May 02, 2014, 08:16:13 AM »

When writing a Web Server with RTC SDK, you have access to all the data received from Clients, and you have full control of everything you want to send back. The complete request content body received from a Client will be available to you through the TRtcDataServer(Sender).Read and ReadEx methods, with all the request headers in the TRtcDataServer(Sender).Request object. You just need to use these to access the data, then use the TRtcDataServer(Sender).Response object and the Write or WriteEx methods to send a response back to the Client. That's really all there is to using RTC.

But, to write a Web Application, you also need to understand how HTTP works, learn a lot about the HTML standard and how different Web Browsers handle HTTP requests and HTML content. I do not write Web Applications, so I can't help you with questions related to HTML without googling it myself, but if you find an example for PHP, Java or any other technology, and you can't get it working with RTC, feel free to post it here and I will take a look at it.

Best Regards,
Danijel Tkalcec
Logged
clockon
RTC Expired
*
Posts: 22


« Reply #2 on: May 06, 2014, 02:33:26 AM »

thanks for the info, just thought id ask the question. There are only basically a few ways most people guard against it from what ive read, these are the options if you didnt already know that i cameacross.

1. After each POST redirect the page so that its in a GET state and refreshing the page wont send a POST request. Which is the easiest way to handle it.
http://en.wikipedia.org/wiki/Post/Redirect/Get

2. POST pages using ajax.
3. Use a NOnce, this requires a little bit of thought, seems to be used quite a bit and is the most secure if done right. You basically generate an encrypted key with an expiration, store that against the page and the user's session. Once the user sends a POST with a matching key, handle the request and generate a new one so that if the user or any hackers that attempt to request the same page with the same key is not accepted.
https://codex.wordpress.org/WordPress_Nonces

im using the first option at the moment but having a look at the nonce and seeing whats involved. But might have to come back to that part of it  Smiley
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.024 seconds with 17 queries.