I'm wanting to know if its possible to stop people clicking "back" and re-submitting a form which is uded to update an account after payment. It's easy to just click back and hit refresh which would credit the users account again for free! Not many people will think of this but it's possible and could end up costing me a fortune!
You could perhaps give them a code after paying (perhaps a MD5 hash of a random number) which is stored in a database table/file of allowed codes until they use it once, then it is deleted. You could pass the code in a hidden form field.
"If youíre not using valid HTML, then you havenít created a Web page. You may have created something else, but it isnít a Web page." - Joe Clark
at the moment they get a code which is posted from a 3rd party, verified and then redirected back to my account update page. I could log the code in a file and check it every time a code is entered but that would involve a ton more coding and as I can only use flat files after a while the script would just time out! Cookies are working for now, my users can just get over it :P