On Fri, Sep 22, 2006 at 10:45:51AM -0500, [EMAIL PROTECTED] wrote:
> > The token is stored in the session.  So all that happens is upon
> > submission a check is made that the token exists in the form and it
> > matches the current one stored in the session.  If so, it is deleted.
> > When a new form is created a new token is created.  Someone can't
> > really have two windows open at the same time.
>
> This seems like a bug to me, the token list should be just that, not a
> one-off placeholder. You should be able to have N tabs open on different
> forms on the same app/session without each form clobbering the previous
> one's token. Tokens are cheap and specific enough that they should be kept
> until used.

What about multiple forms on the same page?  Should there be one token
per form or one token per request?

> > Geeze, if people double click on submit buttons and can get past the
> > JavaScript then they get what they deserve. ;)
>
> That viewpoint is hard to sell to me. If people double click and I am not
> smart enough to catch it I get what they deserve. =)

Well, actually, they don't get what they deserve -- which is the output
from the first request. ;)

-- 
Bill Moseley
[EMAIL PROTECTED]
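
The two session designs discussed in this thread, as an added Python example that is not part of the original messages or of the Catalyst plugin: the single token slot described in the quoted message and the keep-until-used token list proposed in reply. The session is modelled as a plain dict; the class names, the MAX_TOKENS cap and the scenario helper are assumptions made for illustration.

```python
import hmac
import secrets

MAX_TOKENS = 20  # assumed cap so abandoned forms cannot grow the session without bound


def _same(a, b):
    # Constant-time comparison of two token strings.
    return hmac.compare_digest(a.encode(), b.encode())


class SingleSlot:
    """One token per session, replaced every time a new form is created."""

    def issue(self, session):
        session["token"] = secrets.token_urlsafe(16)
        return session["token"]

    def consume(self, session, submitted):
        current = session.get("token")
        if current is None or not _same(current, submitted):
            return False
        del session["token"]  # single use: a repeat submission is rejected
        return True


class TokenList:
    """Every issued token is kept until it is used (or pushed out by the cap)."""

    def issue(self, session):
        tokens = session.setdefault("tokens", [])
        tokens.append(secrets.token_urlsafe(16))
        del tokens[:-MAX_TOKENS]  # drop the oldest entries beyond the cap
        return tokens[-1]

    def consume(self, session, submitted):
        tokens = session.get("tokens", [])
        for i, stored in enumerate(tokens):
            if _same(stored, submitted):
                del tokens[i]  # single use: a repeat submission is rejected
                return True
        return False


def two_tabs_then_double_click(store):
    """Open form A, open form B in a second tab, then submit A, B and A again."""
    session = {}
    a = store.issue(session)
    b = store.issue(session)
    # SingleSlot -> [False, True, False]; TokenList -> [True, True, False]
    return [store.consume(session, t) for t in (a, b, a)]
```

Both designs reject the repeated submission of A; only the list accepts the first submission from each tab.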
