"Webpage has expired" $_SESSIONS in PHP

Question

In my web-application I'm using $_SESSIONS but sometimes, when the users hits the backspace key he gets:

Webpage has expired

message.

Why is this happening? What can i do to avoid this?

Answer 1

Like Chad said, that's the result of going back to a page that was the result of a POST request. And like the comments said, you can't just replace a POST with a GET, because that's a bad idea for a variety of reasons.

However, you can combine the two: let the request be a POST, but issue a Location header redirect, which the browser will then execute as a GET. To the user this will look like a single operation, but to the browser it will be a POST followed by a GET, which effectively eliminates this issue.

Answer 2

It also has to do with the cache control directives sent to the browser.
Take a look at http://de.php.net/manual/en/session.configuration.php and http://shiflett.org/articles/how-to-avoid-page-has-expired-warnings to learn more about the cache settings.

http://shiflett.org/articles/how-to-avoid-page-has-expired-warnings:

Recap

To avoid "Page Has Expired" warnings, set session.cache_limiter to private, and make sure that any form using the POST method submits to an intermediate processing page that redirects the user to a different URL.

Answer 3

This doesn't have anything to do with $_SESSION variables, it has to do with you transferring information between pages using POST method. If you want to avoid it you need to use GET method instead of POST.