[LRUG] Double submit

Tom Stuart tom at codon.com
Fri Apr 24 03:44:51 PDT 2015


Hi Andy,

On 24 Apr 2015, at 09:43, Andrew Stewart <boss at airbladesoftware.com> wrote:
> I imagine each form submission would have a unique token and the server would ignore or raise an error for submissions with duplicate tokens within a rolling window of, say, a few seconds.  Perhaps this would be handled in a Rack middleware.

What’s the underlying problem? What goes wrong when a form is submitted twice?

If the action were already idempotent (e.g. GET search results, PUT updated bio, DELETE comment) then duplicate submissions wouldn’t be a problem, so I assume we’re talking about a POST request that has side effects that shouldn’t be repeated, like sending an email or creating a row in a database table.

If that’s the case, I’d investigate whether it’s simpler or easier (or both) to debounce the side effects themselves rather than faffing with single-use tokens. For example: the part of the system that’s responsible for creating an order could check whether an identical order was created in the last N seconds, and if so, return that order instead of a newly-created one. This way your controller (or whatever) doesn’t need to do anything special, with the added bonus that a) you get the debouncing behaviour for free elsewhere (e.g. during API requests, batch processing &c) and b) when the user receives the response to their second HTTP request it just looks like everything has worked normally instead of “validation error: form already submitted”.

Cheers,
-Tom


More information about the Chat mailing list