Are you by any chance storing sessions on DB? In this case the double form submission prevention may fail because sessions in DB are not locked. Sessions in DB may cause race conditions.
On Wednesday, 2 May 2012 22:35:31 UTC-5, Bruce Wade wrote: > > Yes you are probably right, I just found out about the problem as I > thought it was protected from the multiple posts. > > The process was designed this way as some people were having selected the > wrong products or at least calling and saying they have, the process now > prevents that 100%. Now I just need to fix this last issue. I added > javascript to disable the button however like you said I need to also add > some backend code which is proving to be a little challenging as it is > using the default protection however that is also back firing on how our > workflow is. > > Thanks for the help. > > -- > Regards, > Bruce > > On Wed, May 2, 2012 at 5:20 PM, Anthony <[email protected]> wrote: > >> However when they get to step 6 and click multiple times because of >>> server lag or being impatient they get step 4 loaded again which would be >>> an empty form in the normal since, and if they click pay again they end up >>> double paying for the same order. >>> >> >> I see. I think that's a design problem. web2py has built-in functionality >> to prevent double form submission (as long as you pass session to >> form.accepts, or use the default behavior of form.process, which >> automatically uses the session) -- it adds a one-time hidden _formkey to >> the form and stores it in the session, and once the form has been submitted >> and accepted, the _formkey is deleted from the session, so the form cannot >> be re-submitted. If your form processing uses a different workflow, you'll >> need to implement your own protection against double submission. >> >> A good start would be to disable the submit button on click, but you >> might also want to add some server-side protection against double >> submission. >> >> Anthony >> > > > > -- > -- > Regards, > Bruce Wade > http://ca.linkedin.com/in/brucelwade > http://www.wadecybertech.com > http://www.fittraineronline.com - Fitness Personal Trainers Online > http://www.warplydesigned.com > >
