User-Friendly Form Validation with PHP and CSS
Subject:   POST requests should not be redirected
Date:   2004-04-27 06:57:43
From:   hukka
Using header("Location: ...") on POST requests is troublesome because the HTTP spec requires the browser to explicitly ask for user confirmation for the redirect. From the HTTP 1.1 spec, section 10.3.3:

If the 302 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued.

This is hardly "user-friendly". Of course (as noted also in the spec) most current browsers (especially IE) do not require this confirmation, but one should not count on this behaviour. At least current Mozilla browsers comply with the standard.

Using the redirect trick is fine for GET requests. For web forms using POST, a better solution would be to output a status page showing a message about the entered information having been successfully processed. You can include the followup URL as a "continue" link on that status page, and you could even add a META refresh tag to have the browser automatically redirect to that address after a few seconds.

1 to 1 of 1
  1. Chris Shiflett photo POST requests should not be redirected
    2004-04-29 09:13:48  Chris Shiflett | O'Reilly Author [View]

1 to 1 of 1