Nope, the sessions are stored on FS. I was having issues with DB sessions under a load balancer.

On Wed, May 2, 2012 at 8:47 PM, Massimo Di Pierro <[email protected]> wrote:

> Are you by any chance storing sessions on DB? In this case the double form
> submission prevention may fail because sessions in DB are not locked.
> Sessions in DB may cause race conditions.
>
> On Wednesday, 2 May 2012 22:35:31 UTC-5, Bruce Wade wrote:
>>
>> Yes you are probably right, I just found out about the problem as I
>> thought it was protected from the multiple posts.
>>
>> The process was designed this way as some people were having selected the
>> wrong products or at least calling and saying they have, the process now
>> prevents that 100%. Now I just need to fix this last issue. I added
>> JavaScript to disable the button however like you said I need to also add
>> some backend code which is proving to be a little challenging as it is
>> using the default protection however that is also backfiring on how our
>> workflow is.
>>
>> Thanks for the help.
>>
>> --
>> Regards,
>> Bruce
>>
>> On Wed, May 2, 2012 at 5:20 PM, Anthony <[email protected]> wrote:
>>
>>>> However when they get to step 6 and click multiple times because of
>>>> server lag or being impatient they get step 4 loaded again which would be
>>>> an empty form in the normal sense, and if they click pay again they end up
>>>> double paying for the same order.
>>>
>>> I see. I think that's a design problem. web2py has built-in
>>> functionality to prevent double form submission (as long as you pass
>>> session to form.accepts, or use the default behavior of form.process, which
>>> automatically uses the session) -- it adds a one-time hidden _formkey to
>>> the form and stores it in the session, and once the form has been submitted
>>> and accepted, the _formkey is deleted from the session, so the form cannot
>>> be re-submitted. If your form processing uses a different workflow, you'll
>>> need to implement your own protection against double submission.
>>>
>>> A good start would be to disable the submit button on click, but you
>>> might also want to add some server-side protection against double
>>> submission.
>>>
>>> Anthony
>>
>> --
>> Regards,
>> Bruce Wade
>> http://ca.linkedin.com/in/brucelwade
>> http://www.wadecybertech.com
>> http://www.fittraineronline.com - Fitness Personal Trainers Online
>> http://www.warplydesigned.com

--
Regards,
Bruce Wade
http://ca.linkedin.com/in/brucelwade
http://www.wadecybertech.com
http://www.fittraineronline.com - Fitness Personal Trainers Online
http://www.warplydesigned.com
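
The server-side protection discussed in this thread, as an added example that is not part of the original messages and is not web2py's own code: a one-time form key is checked and deleted in a single locked step, so several simultaneous clicks on "pay" produce one charge. `FormKeyStore`, `pay`, `simulate_impatient_clicks` and the session and order ids are hypothetical, and the in-process lock is an assumption standing in for whatever locking the session store provides.

```python
import secrets
import threading


class FormKeyStore:
    """One-time form keys per session (hypothetical helper, not web2py's API)."""

    def __init__(self):
        self._lock = threading.Lock()   # stands in for session/row locking
        self._keys = {}                 # session id -> outstanding form keys

    def issue(self, session_id):
        """Create the hidden form key when the payment form is rendered."""
        key = secrets.token_urlsafe(16)
        with self._lock:
            self._keys.setdefault(session_id, set()).add(key)
        return key

    def consume(self, session_id, key):
        """Check and delete in one locked step: True once per issued key."""
        with self._lock:
            keys = self._keys.get(session_id, set())
            if key not in keys:
                return False
            keys.remove(key)
            return True


def pay(store, session_id, formkey, charges, order_id):
    """Charge only if this submission is the one that consumed the key."""
    if not store.consume(session_id, formkey):
        return "rejected"
    charges.append(order_id)
    return "charged"


def simulate_impatient_clicks(clicks=8):
    """Constructed scenario: the same form is submitted `clicks` times at once."""
    store, charges, results = FormKeyStore(), [], []
    key = store.issue("session-1")
    barrier = threading.Barrier(clicks)  # release all submissions together

    def click():
        barrier.wait()
        results.append(pay(store, "session-1", key, charges, "order-42"))

    threads = [threading.Thread(target=click) for _ in range(clicks)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results, charges
```

If the check and the delete are separate steps on an unlocked store, two requests can both pass the check before either deletes the key, which is the race the thread attributes to sessions kept in the DB.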

