Re: A question about web security mechanism

From: Barry Margolin (barmar@genuity.net)
Date: 05/24/02


From: Barry Margolin <barmar@genuity.net>
Date: Fri, 24 May 2002 18:55:19 GMT

In article <acm0t1$fsh$1@solaria.cc.gatech.edu>,
Chenghuai Lu <lulu@cc.gatech.edu> wrote:
>After I logged into my discover card account, I click refresh bottom in my
>browser. My web brower show the dialog that "The page cannot be refreshed
>without resending the information. Click Retry to send the information
>again, or click Cancel to return to the page that you were trying to view.".
>If I choose Retry, my information is sent and the page is reloaded. While
>for cancel, the page cannot be reloaded.
>
>My question is, what is the mechanism this website use for security? what
>kind of information is re-sent? I assume that this is different from use of
>session cookie since browser won't popup the dialog box when I refresh the
>page in my yahoo mail account.

The "Refresh" command works by simply sending the same thing that the
browser previously sent. If the page you're viewing is the result of
filling out a form, it has to send the same data that it sent when you
filled the form previously.

The warning isn't coming from the site, it's an automatic warning that the
browser produces whenever you ask to refresh a page that came from filling
out a form. The reason for the warning is that there might be problems if
the form told the web site to perform some action, like submitting a
purchase; if you do it twice, you might end up buying the same item again.
Some web sites may make use of cookies or other mechanisms to prevent being
fooled like this, but the browser has no way of knowing, so it takes the
cautious route and warns you.

-- 
Barry Margolin, barmar@genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.



Relevant Pages

  • Re: Error refreshing a web page
    ... if the current page is a result of a postback, then to do a refresh the browser needs to post the data again. ... Not knowing why the error is popping up is preventing me from figuring out what in my environment changed. ... Run the web site in the debugger. ... The browser's refresh button works fine UNTIL I click the button on the page. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Error refreshing a web page
    ... since my work has nothing to do with commerce, ... browser to pop up such a specific message, ... Environment: VS 2005 team developer, AJAX extensions, .NET 2.0. ... The browser's refresh button works fine UNTIL I click the button on the ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Code to "click" a button -- is this possible?
    ... Once the client receives ... look at is that the web server simply makes a suggestion to the browser. ... will refresh another frame called "Main"? ... I have frames set up in an asp.net application and need one frame to ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: A question about web security mechanism
    ... >After I logged into my discover card account, I click refresh bottom in my ... >session cookie since browser won't popup the dialog box when I refresh the ... the form told the web site to perform some action, ...
    (comp.security.misc)
  • Re: FamilySearch browser problem
    ... When I call up a search, get a list of results, click on an individual result to view the details, click the "back" button on my browser to return to the list of results only to find that the list has disappeared with a message saying I need to click "refresh" to return to the screen! ... I then get an almost blank screen with a message saying that I need to re-submit information or hit the "refresh" button. ... I cant re-submit info on this screen so I hit "refresh" and then i get a blank IGI search page ...
    (soc.genealogy.computing)