Re: Re: Preventing Duplicate Form Submissions

in reply to Re: Preventing Duplicate Form Submissions
in thread Avoiding a second click

What I do in this case is that I store the parameters of the form, and if I find that I have already received it, I check compare the 2 sets of parameters. If they are identical then no problem, I do not process the second form and just resend the result. If there is a difference I send an error message. What you do in this case really depends on your application. You might want to "undo" the first transaction and process the second one.

Update: I forgot to mention that I store the unique identifier in a hidden parameter. This is certainly not completely secure, as the parameter can be changed and intercepted, but I believe it is OK in my case (malicious users changing the parameter would just loose the session and outside attackers trying to hijack the session would get the error message).

Comment on Re: Re: Preventing Duplicate Form Submissions

Replies are listed 'Best First'.
Re: Re: Re: Preventing Duplicate Form Submissions by mothra (Hermit) on Jun 12, 2002 at 15:58 UTC
Depending on how you're applying this concept, it could be broken. A user might submit the exact same parameters later in the day (e.g. order "one more" of an item they had previously order that day or suchlike), or maybe even five minutes later.	[reply]
Re: Re: Re: Preventing Duplicate Form Submissions by MMilani (Sexton) on Jun 12, 2002 at 11:29 UTC
Dear Mirod, Thank you very much for your kindly reply. I certainly will consider your comments.	[reply]

In Section Seekers of Perl Wisdom