Let's say you have three PHP pages, where page1.php POST data, page2.php obtains the POST data and redirects to page3.php.

For example, let's say www.freekb.net/page1.php contains the following. Notice in this example that the method is POST.

<form method="post" action="page2.php">
  <input type="text" name="foo">
  <button>Submit</button>
</form>

At page1.php, something like this should be displayed.

After clicking submit, you would be directed to page2.php with the following URL. Notice the foo key and value of "Hello World" are NOT included in the URL.

http://www.freekb.net/page2.php

However, you can still get the content of the foo key via a $_POST request. Let's say there is also an a href that redirects from page2.php to page3.php.

<?php
  echo $_POST['foo'];
?>
<a href="http://www.freekb.net/page3.php"></a>

At page3.php, if the use clicks the back arrow in their web browser, confirm form resubmission would be displayed because page2.php is attempted to get the vault of the "foo" key via POST but clicking the back arrow would not include the foo=Hello World POST data.

This issue can be prevented by including the following PHP on page2.php.

<?php
  header("Cache-Control: no cache");
  session_cache_limiter("private_no_expire");
?>