> Don't know if this is complimentary to your workflow,
> try a javascript confirm (ie a client side pop-up, asking the user to click
> "Ok" to continue). This will catch any double clicks on the client side.
Unfortunatly I think our users would object to this solution.
Server side, instead of putting a token in the session when the page is *served*, put a token in the session while the submission is being processed (use it like a semaphore). The token has a finite lifecycle (created on form submission, death on submission response served). There's no need to match tokens unless you're worried about something other than duplicate submission detection (such as security or time-based form relevance).
I've had to do this before when credit card processing was being done. A double-click can result in the credit card being charged twice, so you've really got to avoid it.
We actually synchronized on the session for the duration of the processing, and then set a flag in the session once the processing was done. Any subsequent attempts would be flagged as duplicates and you'd just get a results screen.
The same could be done for multiple transactions if, as Justin suggests, you put a token into the session *during processing*. Just generate the token when you serve the page and submit it along with the form to be processed. Synchronize on the session to check it and then put the token into the session. If the token is already there, then skip the transaction. It's nice to show a result screen even for a double-submission, so you might want to synchronize on the token itself after you have obtained it from the (synchronized) session.
That will allow you to finish the processing from the *first* submission, and then show the results in the second submission. The browser, having submitted twice, will "hang up" on the first connection and the second one will show the results. You'll have to put the results in the session, then, to display them to the browser for the second submission.
It's pretty hairy, no doubt.
-chris
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
