in reply to Avoiding a second click
If you can provide some sort of unique "transaction identifier" number that the server can use to check for duplicate submissions, you might be able to catch these.
In your CGI handler, for example, you would look to see if that transaction identifier had been submitted before, and if it had, you could either generate an error, or merely display the result of that prior transaction.
The problem with the second approach is that the user might have hit the emergency "Stop" button, changed something, and submitted again. In that case their change will be silently ignored, and that's not good.
Re: Re: Preventing Duplicate Form Submissions
by mirod (Canon) on Jun 12, 2002 at 00:23 UTC
|
What I do in this case is that I store the parameters of the form, and if I find that I have already received it, I check compare the 2 sets of parameters. If they are identical then no problem, I do not process the second form and just resend the result. If there is a difference I send an error message. What you do in this case really depends on your application. You might want to "undo" the first transaction and process the second one.
Update: I forgot to mention that I store the unique identifier in a hidden parameter. This is certainly not completely secure, as the parameter can be changed and intercepted, but I believe it is OK in my case (malicious users changing the parameter would just loose the session and outside attackers trying to hijack the session would get the error message).
| [reply] [Watch: Dir/Any] |
|
Depending on how you're applying this concept, it could be broken. A user might submit the exact same parameters later in the day (e.g. order "one more" of an item they had previously order that day or suchlike), or maybe even five minutes later.
| [reply] [Watch: Dir/Any] |
|
Dear Mirod,
Thank you very much for your kindly reply.
I certainly will consider your comments.
| [reply] [Watch: Dir/Any] |
Re: Re: Preventing Duplicate Form Submissions
by MMilani (Sexton) on Jun 12, 2002 at 11:28 UTC
|
Dear Tadman,
Thank you very much for your kindly reply.
I certainly will consider your comments.
| [reply] [Watch: Dir/Any] |
|