On Wed, 15 Oct 2008 12:41:55 -0400
"Perrin Harkins" <[EMAIL PROTECTED]> wrote:

> On Wed, Oct 15, 2008 at 12:31 PM, Mark Stosberg <[EMAIL PROTECTED]> wrote:
> > We had a "double submit" bug that allowed a form to be submitted twice when we
> > weren't fully prepared for that. We are still researching the best practices to
> > address this as a general case. One approach we are considering is to change the
> > submit action on forms with JavaScript, so it disables the submit button, and
> > then actually submits the form, preventing one kind of double-submission. It
> > seems like I don't see this approach happening in the wild much, though. I
> > suspect there is a better solution.
> 
> JavaScript is okay, but can be a problem when people hit back
> expecting to use the form again and the button is still disabled.

Thanks for the response.

That's what I was concerned about. I don't have a sense of how 
much this would happen in practice. 

> Another approach is a unique ID in the form that you track in the
> user's session (i.e. this ID was seen before).  If the problem is
> large uploads with no feedback until they finish, you can use one of
> the upload progress tools.

At one point in the past I did a variation of this where we put the next ID of
a related database sequence in the form, and this would become the new primary
key when inserted, and it would of course not allow the same primary key to be
used twice. That worked, but I realized it was open to abuse if a user tweaked the
number to be larger than the sequence. Then, a legitimate user would
eventually be assigned that value by the sequence, and it would fail.

Are there specific modules that you recommend to help with this?

    Mark
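
The session-tracked unique ID suggested in the quoted reply, sketched as an added example that is not code from either poster. It assumes `session` is a per-user dict-like store; `issue_token`, `consume_token`, `handle_submit` and `MAX_PENDING` are hypothetical names. Because the ID is random and server-issued rather than a database sequence value, a tweaked hidden field is simply rejected and cannot collide with a later legitimate insert.

```python
import secrets
import threading

MAX_PENDING = 20          # assumed cap on unsubmitted forms kept per session
_lock = threading.Lock()  # stands in for the session store's own locking


def issue_token(session):
    """Call when rendering the form; embed the result in a hidden field."""
    token = secrets.token_urlsafe(32)
    with _lock:
        pending = session.setdefault("form_tokens", [])
        pending.append(token)
        # Drop the oldest tokens so abandoned forms cannot grow the session.
        del pending[:-MAX_PENDING]
    return token


def consume_token(session, submitted):
    """True exactly once per issued token; False for replays or forgeries."""
    # Check and removal happen under one lock so two concurrent requests
    # carrying the same token cannot both pass.
    with _lock:
        pending = session.get("form_tokens", [])
        if submitted in pending:
            pending.remove(submitted)
            return True
    return False


def handle_submit(session, form, insert_row):
    """Hypothetical handler: insert_row runs only for a first submission."""
    if not consume_token(session, form.get("form_token")):
        return "duplicate-or-invalid"
    insert_row(form)
    return "created"


def demo():
    session, rows = {}, []  # constructed sample session and stand-in table
    form = {"form_token": issue_token(session), "name": "example"}
    first = handle_submit(session, form, rows.append)
    second = handle_submit(session, form, rows.append)  # double click
    forged = handle_submit(session, {"form_token": "999999"}, rows.append)
    return first, second, forged, len(rows)


if __name__ == "__main__":
    print(demo())
```

Re-rendering the form after the user hits back issues a fresh token, so the form stays usable without re-enabling anything client-side.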

