Prevent form resubmit

[hazcod]

Hi,

Thank you for this library, this works perfectly against CSRF attacks.
However, is there a possibility to use this to combat "CTR+R" (browser resubmits) ?

[justinas]

Hi @hazcod,

Do you mean the case where a user might refresh the page after successful form submission and in this way repeat the submission?

As far as I know, such cases are prevented by redirecting to another page (or even the same page) after the form submission. So if user posts /posts/create, the CreatePost handler would issue a redirect back to /posts or similar. Then F5 becomes a non-issue as the user would only repeat the GET request to /posts.