[LRUG] Double submit

Matt Spendlove matt at cenatus.org
Mon Apr 27 02:54:39 PDT 2015


Traditionally we'd Post then redirect to stop double submission:

http://en.m.wikipedia.org/wiki/Post/Redirect/Get

That of course assumes your browser is redrawing which I suspect might not
be the case nowadays.

In a rich client app you could use the "nonce" alternative linked at the
bottom which sounds similar to the previous suggestions.

On Friday, April 24, 2015, Riccardo Tacconi <rtacconi at gmail.com> wrote:

> Hi,
>
> You could put a hash in  a hidden field, when Rails receives the first
> submission you save it in the session with a timestamp. Every time you
> receive new submission you check if the has has been already used in the
> last few seconds, if it was already used you trigger a validation error.
> You will have to clean stale submission from the session. Otherwise you
> could put the has in the DB.
>
> On 24 April 2015 at 09:43, Andrew Stewart <boss at airbladesoftware.com
> <javascript:_e(%7B%7D,'cvml','boss at airbladesoftware.com');>> wrote:
>
>> Hello LRUG!
>>
>> Some people using my Rails app are speedy double-clickers of form submit
>> buttons.  While I admire their alacrity I would like Rails to ignore the
>> duplicate submissions.
>>
>> Disabling the submit button client-side heads off the
>> quick-but-not-lightning double-clickers.  However a special few still
>> outpace the browser so I am after a server-side solution.
>>
>> I imagine each form submission would have a unique token and the server
>> would ignore or raise an error for submissions with duplicate tokens within
>> a rolling window of, say, a few seconds.  Perhaps this would be handled in
>> a Rack middleware.
>>
>> Does such a thing already exist?  I know this is an old problem but I
>> can't seem to find any decent solutions.
>>
>> Thanks in advance!
>>
>> Yours,
>>
>> Andy Stewart
>> _______________________________________________
>> Chat mailing list
>> Chat at lists.lrug.org <javascript:_e(%7B%7D,'cvml','Chat at lists.lrug.org');>
>> Archives: http://lists.lrug.org/pipermail/chat-lrug.org
>> Manage your subscription: http://lists.lrug.org/options.cgi/chat-lrug.org
>> List info: http://lists.lrug.org/listinfo.cgi/chat-lrug.org
>>
>
>
>
> --
> Riccardo Tacconi
>
> http://github.com/rtacconi
> http://twitter.com/rtacconi
>


-- 
Sent from Gmail Mobile
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20150427/511ab1fc/attachment.html>


More information about the Chat mailing list