On Wed, Jun 29, 2011 at 7:04 PM, Miquel Cubel <[email protected]> wrote:
> Hi, > > We are encountering occasions where users post twice or more a form, > basically we have detected two situations: > a) The user push twice enter > b) The user push double click on button "save" or "submit" > > Simplest solution we've done before is disabling the button on submit. this should work on all browsers. > We consider that this becomes a problem when creating (because we > duplicate data) and we think that in some context it could become a security > issue (like posting twice a payment), so we like to know How do you approach > it? > > Our approaches to the problem: > a) JavaScript implementation like "<form onSubmit="doublePostCheck()"> > and only returning true the first time > -> Problems: different navigators (firefox, safari....), > b) Token / Flag validation, base on a hidden variable in the form, and > validation of a unique token/server for post in the server > -> Problems: how do you handle errors... do you save the first > register and raise and error for the second? > -> Where should we implemented in the controller "create"? Can it be > in the class ApplicationController? > c) Hash of the data in the post, and checking if last hash is different > than the new one > -> Problems: how do you handle errors... do you save the first > register and raise and error for the second? We can't duplicate data if we > need it > -> Where should we implemented in the controller "create"? Can it be > in the class ApplicationController? > > Thanks in advanced > > -- > Miquel Cubel Escarré > +34 699 73 22 46 > [email protected] > > "Computers are good at following instructions, but not at reading your > mind." Donald Knuth. > > "Los ordenadores son buenos siguiendo instrucciones, pero no leyendo tu > mente." Donald Knuth. > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To post to this group, send email to > rubyonrails-talk@googlegroups.**com<[email protected]> > . > To unsubscribe from this group, send email to > rubyonrails-talk+unsubscribe@**googlegroups.com<rubyonrails-talk%[email protected]> > . > For more options, visit this group at http://groups.google.com/** > group/rubyonrails-talk?hl=en<http://groups.google.com/group/rubyonrails-talk?hl=en> > . > > -- ------------------------------------------------------------- visit my blog at http://jimlabs.heroku.com -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
