[EMAIL PROTECTED] wrote on 09/22/2006 01:19:52 PM: > On Fri, Sep 22, 2006 at 10:45:51AM -0500, [EMAIL PROTECTED] wrote: > > > The token is stored in the session. So all that happens is upon > > > submission a check is made that the token exists in the form and it > > > matches the current one stored in the session. If so, it is deleted. > > > When a new form is created a new token is created. Someone can't > > > really have two windows open at the same time. > > > > This seems like a bug to me, the token list should be just that. not a > > one off placeholder. You should be able to have N tabs open on different > > forms on the same app/session without each form clobbering the previous > > ones token. Tokens are cheap and specific enough that they should be kept > > until used. > > What about multiple forms on the same page? Should there be one > token per form or one token per request? I think one per form would be the expected behavior, but if it is general enough and supports a queue of tokens you are free to use one token for each form or one for each page of forms.. In its current state you have no choice -- only one token is "valid" at any point in time. > > > > Geeze, if people double click on submit buttons and can get past the > > > javascript then they get what they deserve. ;) > > > > That viewpoint is hard to sell to me. If people double click and I am not > > smart enough to catch it I get what they deserve. =) > > Well, actually, they don't get what they deserve -- which is the > output from the first request. ;) > > > > -- > Bill Moseley > [EMAIL PROTECTED] > > > _______________________________________________ > List: [email protected] > Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst > Searchable archive: http://www.mail-archive.com/[email protected]/ > Dev site: http://dev.catalyst.perl.org/ _______________________________________________ List: [email protected] Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[email protected]/ Dev site: http://dev.catalyst.perl.org/
