Sorry if this solution has been mentioned before (I didn't read the earlier 
parts of this thread), and I know it's not as perfect as a server-side 
solution...

But I've also seen a lot of people use JavaScript to accomplish the same 
thing as a quick fix. Few browsers don't support JavaScript. Of the small 
amount that don't, the Venn diagram merge of browsers that don't do 
JavaScript and users with an itchy trigger finger is very small. The 
advantage is that it's faster than mungling your own server-side code with 
extra logic to prevent double posting.

Add this to the top of the form:

     <SCRIPT LANGUAGE="JavaScript">
     <!--
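     // Number of times this form's submit handler has fired on this page load.
     var clicks = 0;

     // Returns true for the first submit only; later submits are cancelled.
     function submitOnce() {
         clicks++;
         if (clicks < 2) {
             return true;
         } else {
             // alert("You have already clicked the submit button. " + clicks + " clicks");
             return false;
         }
     }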
     //-->
     </SCRIPT>

And then just add the submitOnce() function to the submit event for the 
<form> tag.

At 05:26 PM 1/4/01 -0800, Randal L. Schwartz wrote:
> >>>>> "Ed" == Ed Park <[EMAIL PROTECTED]> writes:
>
>Ed> Has anyone else thought about this?
>
>If you're generating the form on the fly (and who isn't, these days?),
>just spit a serial number into a hidden field.  Then lock out two or
>more submissions with the same serial number, with a 24-hour retention
>of numbers you've generated.  That'll keep 'em from hitting "back" and
>resubmitting too.
>
>To keep DOS attacks at a minimum, it should be a cryptographically
>secure MD5, to prevent others from lojacking your session.
>
>--
>Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
><[EMAIL PROTECTED]> <URL:http://www.stonehenge.com/merlyn/>
>Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
>See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

__________________________________________________
Gunther Birznieks ([EMAIL PROTECTED])
eXtropia - The Web Technology Company
http://www.extropia.com/
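
The serial-number scheme from the quoted message, sketched server-side as an added example that is not part of the original thread. It assumes a single Node.js process with an in-memory store, uses HMAC-SHA-256 in place of the MD5 the quoted message mentions, and the names issueToken and redeemToken are hypothetical:

```javascript
// Added example: one-time form serial numbers, Node.js standard library only.
const { createHmac, randomBytes, timingSafeEqual } = require("crypto");

const RETENTION_MS = 24 * 60 * 60 * 1000; // 24-hour retention, as in the quoted message
const SECRET = randomBytes(32);           // assumption: per-process key, single server
const used = new Map();                   // serial -> time after which it can be forgotten

function sign(payload) {
  return createHmac("sha256", SECRET).update(payload).digest("hex");
}

// Call while generating the form; place the result in a hidden field.
function issueToken(now = Date.now()) {
  const payload = `${randomBytes(16).toString("hex")}.${now}`;
  return `${payload}.${sign(payload)}`;
}

// Call when the form is posted.
// Returns "ok", "duplicate", "expired" or "invalid".
function redeemToken(token, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return "invalid";
  const [serial, issued, mac] = parts;

  // Reject serial numbers this server did not issue (constant-time compare).
  const expected = Buffer.from(sign(`${serial}.${issued}`));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return "invalid";
  }

  // Anything older than the retention window is refused outright, so
  // remembered serials past that age can be dropped safely.
  const issuedAt = Number(issued);
  if (now - issuedAt > RETENTION_MS) return "expired";
  for (const [s, forgetAt] of used) {
    if (forgetAt < now) used.delete(s);
  }

  // A second post with the same serial (double click, or "back" and resubmit).
  if (used.has(serial)) return "duplicate";
  used.set(serial, issuedAt + RETENTION_MS);
  return "ok";
}
```

Unlike the click counter, this check still holds when JavaScript is disabled or the request is replayed outside the browser.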
