This is often called "double click protection" or "double submit protection".

One of the simplest is as advocated in the ecommerce chapter of the venerable panda book by Philip Greenspun (http://web.archive.org/web/20010119104500/http://www.arsdigita.com/books/panda/ecommerce):


Reload 5 Times = 5 Orders?

The obvious way to implement an ecommerce system is the following:

  1. Serve user a static order form pointing to an "insert-order" page.
  2. When the user hits submit, the insert-order page will run and
    1. generate a unique order ID
    2. insert a row in the database
    3. run the credit card
    4. update the row in the database to say "authorization succeeded"
    5. print a thank-you page back to the user's browser
    6. send email thanking the user for the order

The problem with this approach is that various aspects of Step 2 may be slow, prompting the user to hit Reload. At which point another unique order ID is generated and another row is inserted into the database and the credit card number is authorized again. If the user hits Reload five times, it looks to the merchant's database just the same as five actual orders. The merchant can only hope that the user will notice the duplicate email messages and alert the merchant's customer service department.

There are potentially many ways of getting around this problem, but I think the simplest approach instead is to

  1. Serve user a dynamically generated order form that includes a unique order ID, pointing to an "insert-order" page.
  2. When the user hits submit, the insert-order page will run and
    1. insert a row into a database table with a primary key constraint on the order id. If the insert fails (Oracle won't allow two rows with the same primary key), catch it and look to see if there is already an order in the database with the same id. If so, serve the user an order status page instead.
    2. if the insert succeeded, proceed as above

You might want to use a shared memory store or local disk store if you're concerned about the scalability/performance of using a db, but if you're processing form data you're probably hitting a db already.


In reply to Re: CGI and Sessions by aufflick
in thread CGI and Sessions by santhi
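
The scheme described in the post above, as an added example (not code from the post or from the quoted book). It assumes Python with an in-memory SQLite table standing in for Oracle; `render_order_form`, `insert_order`, `charge_card` and the `orders` schema are hypothetical names.

```python
import sqlite3
import uuid

CHARGES = []  # constructed stand-in for the card processor's ledger


def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (order_id TEXT PRIMARY KEY,"
               " item TEXT NOT NULL, status TEXT NOT NULL)")
    return db


def render_order_form():
    """Step 1: the generated form embeds a fresh, unguessable order ID."""
    return uuid.uuid4().hex


def charge_card(order_id):
    """Hypothetical payment call; records each authorization it performs."""
    CHARGES.append(order_id)
    return True


def insert_order(db, order_id, item):
    """Step 2: the primary key decides whether this is a new order or a reload."""
    try:
        with db:  # commits on success, rolls back if the INSERT fails
            db.execute("INSERT INTO orders VALUES (?, ?, 'pending')",
                       (order_id, item))
    except sqlite3.IntegrityError:
        row = db.execute("SELECT status FROM orders WHERE order_id = ?",
                         (order_id,)).fetchone()
        if row is None:
            raise  # some other constraint failed, not a duplicate submit
        return ("status-page", row[0])  # reload: no second charge
    ok = charge_card(order_id)
    status = "authorization succeeded" if ok else "authorization failed"
    with db:
        db.execute("UPDATE orders SET status = ? WHERE order_id = ?",
                   (status, order_id))
    return ("thank-you", status)


def reload_five_times(db, item="book"):
    """Submit one form five times, as an impatient user hitting Reload would."""
    order_id = render_order_form()
    return order_id, [insert_order(db, order_id, item) for _ in range(5)]
```

The ID has to be issued when the form is rendered; generating it inside `insert_order` would give every reload a new key and bring the duplicate orders back.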
