This forum is no longer open and is for reading/searching only.

Please use our new MachForm Community Forum instead.

MachForm Community Forums » MachForm 3

Return Back button browser navigation


  1. bmike
    Member

    When I use the “redirect to website” for the submission confirmation, in the confirm page if the user click on return back button in the browser, return on the form, reload all (with alert message) and sent another request (with the same previous details).

    Any ideas to resolve this issue?
    I tried to set the anti-spam, but not works with "return back".

    Thanks.
    Regards,
    Michele

    Posted 10 years ago #
  2. DoctorChas
    Member

    Try adding this to the top of the form's page:

    <?php session_start(); ?>

    That's of course assuming the form page is PHP. If it isn't you could try renaming the form's page to .php and use the PHP Embed method for inserting the form's code.

    =:~)

    Posted 10 years ago #
  3. bmike
    Member

    Thanks for your support but <?php session_start(); ?> not works.

    Posted 10 years ago #
  4. DoctorChas
    Member

    Very odd. It works on mine.

    =:~)

    Posted 10 years ago #
  5. yuniar

    If the user is navigating to the previous page using the browser's back button, the content of the previous page might be re-submitted again by the browser indeed. MachForm will revalidate the data again in that case.

    There's nothing we can do to change this behaviour as this is the standard on all browsers.
    That's why we provide the "Previous" link at the bottom of your form, so that your user could navigate backward without resubmitting the form.


    MachForm Founder

    Posted 10 years ago #
  6. bmike
    Member

    Ok, but MachForm send the date without check the code in the captcha filter... I think that if a user return back to the form (with the return back of the browser) the captcha code should change and block the sending. If some spam system becomes aware of this problem, could use it to send thousands of messages and crash the mail server (or include the IP in a blacklist).

    For me this is a security bug.

    Posted 10 years ago #
  7. yuniar

    No, actually it is designed that way. Previously, on version 2 or earlier, the captcha code is being checked each time the form being submitted.
    We received many feedbacks that this behaviour is pretty tedious and would actually reduce the submission rate, because most people hate filling out captcha again and again.

    As of version 3, we improved the captcha behaviour.
    The captcha will be displayed/validated on the first submission of the form. Once a person has successfully entered valid captcha response, we can be sure that he/she is a real person, thus machform won't display/validate captcha code for any subsequent submissions.

    This is valid for that particular session only. Once the user closed the browser, the session will be restarted again and the captcha will be displayed/validated.

    So the whole behaviour is working fine, as we have designed it that way.

    Our definition of security issue is when your form is not working as intended and allow outside user to compromise your server.


    MachForm Founder

    Posted 10 years ago #
  8. bmike
    Member

    Ok, but if I don't use captcha (I hate captcha... wufoo's forms have a big solution to avoid captcha, please include similar solution in the next version) is a disaster for my mail server.

    However, I've found a temporary alternative solution... two redirect web pages, the first immediately and automatically redirect to the second with the confirm message... if the user click on the back button in the confirm page, not redirect to the form but to the confirm page (I know, is basic solution but better than nothing).

    DoctorChas user in a previous post, suggest me to use this php code:
    <?php session_start(); ?>

    What do you think about it?

    Posted 10 years ago #
  9. bmike
    Member

    Is possible to view a captcha only when the system detect activity not normal (for example, block after 5 sent consecutive in the last 5 minutes from the same IP address)?

    Posted 10 years ago #

RSS feed for this topic

Reply