Based on a harrowingly unproductive experience this afternoon, I’m proposing the following rules:
If a user has entered information, or changed fields in a web form, do not force a page refresh if the form hasn’t been submitted.
If you must, then preserve that entered information.
If you can’t, or mustn’t (ala passwords), refer to point #1.
You’re free to disregard or disagree with these, but know you’re deploying a user-hostile application.