why not just use the token like everyone else is doing. have a uuid in session and one in a hidden input field. generate a new one on every new form submit and if show an error page if they dont match.
But how are they handling the back button for this?
Form submit -> back button -> Form submit.
This should work i guess, or is this just also then illegal? Then we should make a behahaviour so that you can attach it to a form to make the form block double submits.
In the case where the user submits twice quickly in succession, and the
first submit is still being processed, then my preferred behavior would
be to have the second submit join the currently processing first submit,
and to receive the output from that. (Aka: only do the work once)
Having the second request join the first and let it output the first request will be pretty hard.first submit is still being processed, then my preferred behavior would
be to have the second submit join the currently processing first submit,
and to receive the output from that. (Aka: only do the work once)
Because the request are synced after each other, and it could be that the request of the first is already written.
so this would be a very difficult timing thing currently because we know if it is a double submit only
when the first submit did finish.
And giving just the output of the first can also be very confusing. Just think of a situation that a submit takes place
but he sees an error in the data it submits. Then it quickly fixes it and pressed submit again.. What should happen then?
johan
