FYI, I'm not concerned about the form resubmitting to the database - it won't allow duplicate data. Instead, the user gets sent to a page saying "this has already been submitted". This page has a top menu and a side menu for the site, plus I could add a "click here to continue" link or button. Is that enough?

My concern is that the users of this particular site tend to be older and less computer savvy and a few might be frustrated by their browser not taking them back to the form. Am I worried about nothing here?

I've tried a few approaches to resolving this (redirecting user to the form again would be my ideal solution) but I'm confounded. Here's the setup :

form.html submits to processor.asp on windows server
processor.asp submits to processor2.php on linux server
processor2.php redirects to success.html on windows server, or if data has already been submitted it redirects to fail.html on windows server

Another confounding factor - some browsers throw their own warning when trying to use the back button - example: "As a security precaution, Firefox does not automatically re-request sensitive documents."

Besides the website's older user experience, I am also trying to use this 2 server system for an internal use where the user would definitely want to get back to the form to submit different data. The windows server is mine, but the database must be fed from the linux server, which I have limited access to. I can add to the php script, but I'm not good with php. These internal users can learn to use a link to get back, but I'm sure some of them are also addicted to the back button.

Thanks for any input.

First, there's no way around customizing that warning. You will get that whenever you use the POST method (which you should use for any form that has a lot of data). The GET method will not throw that error but WILL re-submit the information automatically, so you need to be careful if anyone suggests that approach.

Second, I would definitely add a message on the success page not to use your back button. Sometimes, a little direction is all that a web site needs, and even older audiences are getting better about understanding the way their browsers work and following those kinds of directions.

Third, you can redirect twice so that the success.html immediately redirects to success_final.html or something like that. This way, if they hit the back button, they will go to an HTML page that you can customize and control or you can have it push them right back to success_final.html to make it "impossible" for non-tech-savvy folks to get further back (most tech-savvy people will know about their browser's ability to jump back multiple pages). This way, they'll never see that warning about the back button (this is a technique used a lot in e-commerce sites today to help reduce duplicate orders).

What I usually do is, after the form has been submitted and the user is redirected to the thank you page, is have copy on the page saying "thank you etc." and then more text saying "you will now be redirected to "some page" and it does so.

What's wrong with your redirect process?

Another approach I believe is in use is to simply log the user out of their account after rendering the success page being served out.

They submit. Data is parsed and stored, order submission processed, confirmation summary and printed invoice, etc. prepared and handed off to success page as text and/or PDF download. This page is generated, and the user logged out before they even see the success page. From there, clear navigation signals can take them to the front door or the department they were shopping in. To use the cart, they would just have to log in again. Nobody minds that, once they realize the added security it provides. Seems feasible?

...you can redirect twice so that the success.html immediately redirects to success_final.html or something like that. This way, if they hit the back button, they will go to an HTML page that you can customize and control...
Thanks! I might use this approach, or something similar, for the front-end of the site.


What I usually do is, after the form has been submitted and the user is redirected to the thank you page, is have copy on the page saying "thank you etc." and then more text saying "you will now be redirected to "some page" and it does so.

What's wrong with your redirect process?
Different flavor of jhilgeman's suggestion, which I will likely go with. I don't want to whisk them off to the home page or anything like that, because on the success page (or success_final after adding a redirect to discourage the back-button problem) I want to have a message explaining the next steps in the process and want the customer to have plenty of time to read it. Nothing is wrong with my redirect process, I just want to keep this simple, and I was starting to over-think it (which I ususally do when dealing with a site frequented by the less-than-tech-savvy crowd). Thank you for reinforcing the "2 success pages" method.


Another approach I believe is in use is to simply log the user out of their account after rendering the success page being served out.

I guess I should have made it clear that this isn't a shopping cart - thank you for trying to help though! :)