How to prevent browser from executing some JavaScript when person clicks Back button?

Question

Server returns a page, which has a hidden input containing some one-time CSRF tokens to be used for future AJAX requests. The .onload handler parses those tokens and removed the <input>. The problem occurs when the person navigates away to an external website and then uses the "Back" button to return to the previous page. Browser uses a cached version of the page, which contains the <input> with tokens, which might have been used up already. I have no way to check that until the request is made.

Is there a reliable way, to pass some data into JavaScript variable, which will be guaranteed to execute only once, even if the person clicks "Back" button to get to the page?

The only solution I can think of, is to request these tokens asynchronously on page load, but it makes little sense to make a round-trip to the server for a couple of short strings, when a huge chunk of compressed content is being sent to the user anyways.

Answer 1

You could try using a hidden form, as browsers preserve form data, and then use js to sniff the form to check if the page is 'dirty'.

There's a good example in this answer: https://stackoverflow.com/a/5642600/1759514

Answer 2

You could use localStorage and put a flag in there, but there could be compatibility problems with old browsers.

Local storage: http://www.w3schools.com/html/html5_webstorage.asp

But the best you can do is ask the server as you said, there is nothing wrong in sending short strings, popular sites do it all the time.