Once you've posted something, don't reload the page (normally, browsers should warn about resubmitting form data anyway)
I think this is a bug.
The usual way to handle a successful HTTP POST request is to redirect to a page that will be fetched via GET (instead of delivering the content directly in reply to the POST request). Reloading that page has no side effects like reposting. See also Post/Redirect/Get.
Another option that needs more effort and more code is to include a token in the HTTP form that is send via POST, and to invalidate the token once it has been sent.
Alexander
--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
| [reply] |
| [reply] |