Re: jsp form double posting
From: Erwin Moller (since_humans_read_this_I_am_spammed_too_much_at_spamyourself.com)
Date: 11/17/03
- Next message: Christian: "Tomcat 5 - Exception invoking method addResourceLink"
- Previous message: Michael Borgwardt: "Re: a write to a byte is quicker than a bit change ?"
- In reply to: Guru: "Re: jsp form double posting"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 17 Nov 2003 12:40:10 +0100
<snip>
>
> Thanks folks. I will try the first solution about disabling the
> button first before posting the form. If that still fails, will try
> the token solution. In any case, would the javascript solution break
> if javascript is disabled? Is there a way to check for this? What to
> do in that case?
>
> Thx again,
> Guru
Hi,
If javascript is disabled the javascriptsolution will not work, even worse,
if implemented as I suggested, your whole form will not be submitted
because javascript give the form.submit() command.
No workaround there I am afraid.
If you think the token-approach is too complicated, you can do it a little
more 'dirty', but easier like this:
use the session of the user to make sure he/she won't post the same form
within, say, 2 seconds, or whatever you think is a double impatient click.
You can store in the session a timestamp, and before inserting thing into a
database, you check if more than 2 seconds have passed by comparing the
timestamp in the session with the current time.
if the time passed is less than what you consider reasonable, you refuse the
second posting.
This is very easy to implement.
Good luck,
Let us know how you solved it.
Regards,
Erwin Moller
- Next message: Christian: "Tomcat 5 - Exception invoking method addResourceLink"
- Previous message: Michael Borgwardt: "Re: a write to a byte is quicker than a bit change ?"
- In reply to: Guru: "Re: jsp form double posting"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
