Based on a harrowingly unproductive experience this afternoon, I’m proposing the following rules:

  1. If a user has entered information, or changed fields in a web form, do not force a page refresh if the form hasn’t been submitted.

  2. If you must, then preserve that entered information.

  3. If you can’t, or mustn’t (ala passwords), refer to point #1.

  4. You’re free to disregard or disagree with these, but know you’re deploying a user-hostile application.