post-redirect-get and expire

I have a page where the user does a http 'get' to fill out data for a form, the user then http 'posts' the form, and when successful, the user is http 'redirected' to a receipt page.

Now this is all fine and dandy, but the user can hit 'back' in the browser and resend the form. I want to expire the form, but have tried a multitude of expire strategies. None of them working consistently.

Is there something with this pattern preventing ex开发者_开发技巧piration of the form?

How is it possible to expire the form?

You can't expire a form per-se.

P-R-G is used to prevent multiple form submissions, so if the user presses "refresh" on their browser after a POST (aka form submission), the form won't be re-submitted - since the "refresh" button just executes the previous request in the history (which was a GET, as a result of your redirect).

What you could do is create a cookie when you render the form the first time, and set an expiry to when you want the form to expire.

Then that cookie will be sent with each subsequent HTTP request. You should check the cookie in your HTTP POST action and return an error if the cookie has expired.