Thursday, June 10, 2010

HTTP status codes and the PRG pattern

The Post-Redirect-Get is a popular pattern in websites seeking to prevent users from reposting data by accident (e.g. refreshing the checkout page and then being charged again.)

Just to refresh, the process is as follows:

  1. User submits data which is POSTed to the server
  2. Server processes form data, and issues a REDIRECT
  3. Browser receives the REDIRECT and the GETs the new page

Because the final step is a GET (and not a POST), refreshing the page has no effect (assuming you’re not posting data via a get, in which case you should have your internet connection revoked).

What you may not know is the there is a standard HTTP response code for this operation – and it’s not 302, it’s 303. It’s a tiny detail, but an important one. If you’re using PRG as a pattern, make sure that whatever server tech you’re using issues the correct status code – it’s the little things that make all the difference. Just ask Apple.

(The ASP.NET MVC Controller.Redirect method uses 302, natch.)

http://en.wikipedia.org/wiki/HTTP_303

http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

1 comment:

fundoo said...

Thanks for the information, we will add this story to our blog, as we have a audience in this sector that loves reading like this” web development