Re: (CGI) Prevent a reload from resubmitting a form

The second click could be calling the CGI script again within the limits of the gettimeofday() function. While you could improve this by increasing the granularity of the function, this would remain unscalable, you should add a random element to $v which would allow the session token to be unique, and also from a security perspective to make the session token less predictable.

CGI::Session may offer what you require, or Apache::Session::Generate::ModUniqueId

Update:Good observation by ww. In my haste I missed the presence of Time::HiRes.

Could you retry with verbose logging of the uniquid() and check_reload() functions? (This may of course prevent a race condition from occuring, or it may demonstrate the issue,)

The fact that you've tried adding a random element to $v without resolution troubles my understanding :(

Comment on Re: (CGI) Prevent a reload from resubmitting a form Select or Download Code

Replies are listed 'Best First'.
Re^2: (CGI) Prevent a reload from resubmitting a form by ww (Archbishop) on Jun 27, 2009 at 10:50 UTC
The granularity of `gettimeofday()` is microseconds. One would need very fast fingers to "hit the submit-button realy realy fast serveral times in a row..."	[reply] [d/l]
Re^2: (CGI) Prevent a reload from resubmitting a form by fmk (Acolyte) on Jun 27, 2009 at 11:06 UTC
I use CGI::Session to create the token which identifies the session, this is not the $token which should prevent the resend of POST-Data. I tired to add a rand(10) to $v but this didnt change the scripts behavior.	[reply]
Re^2: (CGI) Prevent a reload from resubmitting a form by fmk (Acolyte) on Jun 27, 2009 at 11:51 UTC
Sorry, what do you mean with verbose logging?	[reply]
Re^3: (CGI) Prevent a reload from resubmitting a form by Utilitarian (Vicar) on Jun 27, 2009 at 12:12 UTC
print the parameters your script is called with, the values your token is generated with etc.. to a logfile. This might show up where the problem arises (param{token} being null for $s and $q for example)	[reply]
Re^4: (CGI) Prevent a reload from resubmitting a form by fmk (Acolyte) on Jun 27, 2009 at 13:39 UTC
Okay, this is an extract of what i got with the logging: ==> Script begins $token: 9bf32932a275cc43cfbe087fd250bbb387c3291d940cf055f5c0e21e0a2004 +9c $s->param('token'): d46f207c3ed8f13b3405476058065b9fa1264385c08e8d1355 +1e96a594de2ea2 $q->param('token'): dfa823a7399e368e47bf4ee9dab809afc82c97d46e9c34faf5 +c47d60bcb43f1d Doing Check... $s->param('token') [set after check]: dfa823a7399e368e47bf4ee9dab809af +c82c97d46e9c34faf5c47d60bcb43f1d ==> Script ends ==> Script begins $token: e61765060754bb5ba87457d3e61576188aa3230719d9706560cda181f57120 +b3 $s->param('token'): dfa823a7399e368e47bf4ee9dab809afc82c97d46e9c34faf5 +c47d60bcb43f1d $q->param('token'): dfa823a7399e368e47bf4ee9dab809afc82c97d46e9c34faf5 +c47d60bcb43f1d Doing Check... === Possible Reload === $s->param('token'): dfa823a7399e368e47bf4ee9dab809afc82c97d46e9c34faf5 +c47d60bcb43f1d $q->param('token'): dfa823a7399e368e47bf4ee9dab809afc82c97d46e9c34faf5 +c47d60bcb43f1d $token: e61765060754bb5ba87457d3e61576188aa3230719d9706560cda181f57120 +b3 ======================= $s->param('token') [set after check]: dfa823a7399e368e47bf4ee9dab809af +c82c97d46e9c34faf5c47d60bcb43f1d ==> Script ends ==> Script begins $token: 737d7506542862b1856d7f84f4f0ac1f39b1b96aac425076383419cab874ba +c6 $s->param('token'): dfa823a7399e368e47bf4ee9dab809afc82c97d46e9c34faf5 +c47d60bcb43f1d $q->param('token'): 9bf32932a275cc43cfbe087fd250bbb387c3291d940cf055f5 +c0e21e0a20049c Doing Check... $s->param('token') [set after check]: 9bf32932a275cc43cfbe087fd250bbb3 +87c3291d940cf055f5c0e21e0a20049c ==> Script ends [download] It first looks like the $token is not given correctly to HTML::Template::Compiled, but i have the same issues when trying with out it, having the html directly in the script. Seems like CGI does not update $q->param('token') for some reason.	[reply] [d/l]