Session Expiration and Refresh Button Problem
Posted on 2003-02-20
I have an HTML login page (form). Upon successful login, my perl script generates a session ID, which I embed in all the URL links. When the user logs out, I remove the session id from the session database. However, if I click the "Back" button, I get this error message: "The page cannot be refreshed without resending the information. Click Retry to send the information again, or click Cancel to return to the page that you were trying to view." When I click "Retry," the login information in the HTML form is resent to the web server. This is a big security hole. How do I disable this? I am very new to web programming, so I'm not sure what kinds of options I have. Any pointers would be greatly appreciated. Thanks for your time.