Johan Maasing wrote:

> This has always been the case, there is nothing preventing the browser
> from opening several views to a server using the same session. Otherwise
> how would for example pop-up windows work?

True.  Yet it seldom happens with IE (not that I'm a fan of IE) in the last
five years we've been running our app.  I guess most users don't use the
Ctrl-N new-window technique, instead preferring to start a new instance.
The concern we have with Firefox is that it's so easy to encounter the
problem; the safe old habit of starting a new browser is no longer safe.

The way we work around this is the Flow Synchronizer Token pattern that I
learned from this list some time ago.  Each form carries a simple ID as a
hidden field.  If the user submits a form that's not the one the server
thinks is the current one, a specific exception is thrown that we can catch
and show to the user as a reasonably friendly error page.  ("You've
submitted a form twice or a form other than the one expected...")  I don't
pretend that the users will totally grok this, but it's better than an
unexpected-error punt and the data doesn't get corrupted.
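
The pattern described above, as an added example that is not code from the original post or the poster's application: a minimal server-side sketch in which two windows share one session. The names `FlowSession`, `StaleFormError`, `flow_token` and the use of a random token as the "simple ID" are assumptions made for illustration.

```python
import hmac
import secrets


class StaleFormError(Exception):
    """Submitted form is not the one the server currently expects."""


class FlowSession:
    """Per-session state; every window sharing the session cookie shares this."""

    def __init__(self):
        self.current_token = None   # ID of the one form the server expects next
        self.saved = []             # stands in for the application's data store

    def render_form(self):
        # Issuing a form invalidates every form rendered earlier in this session.
        self.current_token = secrets.token_urlsafe(16)   # assumption: random ID
        return f'<input type="hidden" name="flow_token" value="{self.current_token}">'

    def submit(self, flow_token, data):
        expected = self.current_token
        if expected is None or not hmac.compare_digest(
                expected.encode(), str(flow_token).encode()):
            raise StaleFormError("form submitted twice or not the one expected")
        self.current_token = None   # single use: resubmitting the same form fails
        self.saved.append(data)


def token_of(html):
    # Extract the hidden field value the way a browser would post it back.
    return html.split('value="')[1].split('"')[0]


def two_window_scenario():
    """Two windows on one session: returns each submit's outcome and saved data."""
    session = FlowSession()
    window_a = token_of(session.render_form())
    window_b = token_of(session.render_form())   # second window replaces A's form
    outcomes = []
    for label, token in (("A", window_a), ("B", window_b), ("B again", window_b)):
        try:
            session.submit(token, {"from": label})
            outcomes.append((label, "accepted"))
        except StaleFormError:
            outcomes.append((label, "rejected"))   # app shows the friendly error page
    return outcomes, session.saved


if __name__ == "__main__":
    print(two_window_scenario())
```
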



