Why are HTML forms sometimes cleared when clicking on the browser back button

html forms browser back-button form-data
Gerwald picture Gerwald · May 9, 2012 · Viewed 10.3k times · Source

I am sure everybody knows that behaviour. You fill in a form on the web, and you submit it. After the submission you recognize that you filled in some wrong data. So, you click on the browsers back button. Then, sometimes the form still have the data you entered (what you are hoping in this situation) and sometimes not.

I couldn't find any connection when it is cleared and when not.

Some answers i found on the internet / stackoverflow:

  • on https connections, forms are always cleared
  • when using dynamic websites with sessions, forms are always cleared

But both of them are definatly wrong. I have seen sites (like one of my own) that does keep the form-data after the browser back and are using https and are using sessions.

So please: can anybody explain me how browsers are handling this stuff?

By the way: my task is it to make sure that the form data is not cleared.

Answer

Tim Medora picture Tim Medora · May 9, 2012

I can't provide the definitive answer for all scenarios.

As a web developer, here's the rule I generally follow for sites I develop, to accomplish the goal of not letting the user lose data:

  • Disable all caching (via HTTP headers) on the page you want retained.
  • Capture all data into session (or some other temporary storage) when the form is submitted.
  • If the user navigates backwards, the browser requests a new version of the page (because you set it to never cache).
  • The page has logic to look to the session/database/wherever and repopulates all the fields based on the last input state. If there were dynamic inputs on the page, you should have enough data to recreate them.
  • Once the process is finished, use a POST/Redirect/GET pattern to clear the session data and make it difficult for the user to go back to the original page.

Some answers i found on the internet / stackoverflow:
1. on https connections, forms are always cleared
2. when using dynamic websites with sessions, forms are always cleared

I believe #1 varies by browser/security settings/scenario.

Assumption #2 is certainly not true in all cases (the pattern I just described leverages session and dynamic forms).

Related questions

How do you disable browser Autocomplete on web form field / input tag?

How do you disable autocomplete in the major browsers for a specific input (or form field)?

Read More
Disabled form inputs do not appear in the request

I have some disabled inputs in a form and I want to send them to a server, but Chrome excludes them from the request. Is there any workaround for this without adding a hidden field? <form action="/Media/Add"&…

Read More
Make page to tell browser not to cache/preserve input values

Most browsers cache form input values. So when the user refreshes a page, the inputs have the same values. Here's my problem. When a user clicks Save, the server validates POSTed data (e.g. checked products), and if not valid, …

Read More