Implementing PHP and MySQL without updating alerts


I am somewhat new to PHP and MySQL, and have just setup a basic login + register system (it took me forever to be satisfied with my error messages!).

I have noticed a major annoyance with my code. When a user logs in, I run

$_SESSION['username'] = $username;

after the validating and comparing username and password with database entries.

A bit further down in the code, I have something like this:

if ($_SESSION['username'])
    //show that user has logged in

Upon page refresh, I get a popup, saying that "Firefox must send information that will repeat any action that was performed earlier."

I am pretty sure that this is caused by the accessing of the database, even though that shouldn't happen with my setup: I only connect to the database once the user has clicked the "login" button. This button is hidden when the user is logged in. Why, then, is this message appearing? Can I prevent it without making drastic structural changes or even using a different language?

That has nothing to do with your server-side language. What happens is that the user submitted a form and the browser sent a POST request. If you display such a website in your browser and press "refresh", Firefox will not just redisplay the page, but actually want to sent the complete POST request again.

Because that request may have been to transfer $1000 to your ex-wife (read: have side effects), the browser asks for confirmation.

A possible solution would be to follow a successful login with a redirect to another page, so that the most recent HTTP request is a GET, not a POST request.