This is a common problem, and I've seen a few different approaches. The
redirect isn't terribly effective; they can always use the browser back
button and resubmit the form, and you usually want to prevent that too.
Or there could be net lag which prevents the the redirect reaching the
user, and they hit 'reload'.
The most robust solutions usually involve keeping track of forms that
the user hasn't submitted yet, and explicitly checking something to
prevent multiple submissions.
If you're using sessions, you can set a flag in the session when you
first give the user the form, then check for the flag and only update
the database if the flag is set, then clear the flag.
Another approach which I've seen is to have a database table called
'pending_forms' or some such, with form_id and timestamp fields. The
form_id would be an MD5-ish thing similar to a session ID. When you
deliver the form to the user, generate a new ID and stick it in the
database, and include the ID as a hidden form field. Delete it from the
database when you process the form submission. The nice thing about
this approach is that it can be coded into a component, and re-used as a
generic mechanism for all of your forms. Of course you also need a cron
job to delete stale form_ids from the table based on timestamp.
Hope this helps.
On Tue, 2006-01-17 at 16:49 -0600, Kris Yates wrote:
> I have a simple form (signup.html).. It shows visitors the form, and
> upon submission, it validates the POST and, if all is well, it saves
> the POST to a database, then finally displays "thank you for posting".
>
> Problem is, if someone sits there and keeps refreshing, it will keep
> reposting.
>
> Not sure what to do, I put a redirect after the database save to a
> non-existing page called submit-signup.html.
>
>
> So now, when someone submits, it redirects them to my dhandler. I am
> trying to change the HTML title tag but not sure what to do.
>
> Currently, I have:
>
> % if($apache_request_uri
> =~ /submit-signup/){
> % $m->base_comp->attr('page_title') = "SignUp Complete";
> % }
> % else {
> Error 404: <% $apache_request_uri %> is an invalid URI.
> % }
>
> Apparently you cannot change an attrib dynamically with PERL code as I
> have done. You cant dymically change a method either.. so what do I
> do to reach my goal here? What does Mason have in place to handle
> this? I'd rather not have to redirect them but I dont know how to
> keep people from refreshing and filling up my database. What should I
> do??
>
> Thanks for any help,
> Kris
>
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Mason-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mason-users
