原文地址:http://technoesis.net/prevent-double-form-submission/。
Double form submission in a multi-user web based application the most common and critical issue as well. There are many scenarios where we face duplicate submission problem like,
- Clicking submit button twice.
- Using Refresh button.
- Using browser back button traverse back and re-submitting the form.
- Using browser history feature and re-submit the form.
- Duplicate HTTP requests from browser.
There are several ways to Prevent double form submission
Disable the Submit Button. Use JavaScript to disable the button a few ms after click. This will avoid multiple submits being caused by impatient users clicking multiple times on the button. A weakness of this is if clients have JavaScript disabled.
My previous post shows a nice way to prevent double form submission using a jQuery plugin.
The Post / Redirect / Get pattern. Send a redirect after submit, this is known as Post-Redirect-Get (PRG) pattern. In short, when the user posts the form, you perform a client side redirect (after consuming the post data) to the response (success) page.
This will avoid multiple submits being caused by users pressing F5 on the result page and ignoring the browser warning that the data will be resend, or navigating back and forth by browser back/forward buttons and ignoring the same warning.
Store a Unique Token in the session. Generate an unique token when the page is requested and put in both the session scope and as hidden field of the form. During processing, check if the token is there and then remove it immediately from the session and continue processing.
If you get a form submission without a valid token, it means that the form has already been submitted and ignore it.
This has the added advantage of adding XSRF protection to your project.
Add Constraint in Database. Change the database to not allow duplicates by adding an unique constraints or creating a unique index. A unique index is an index that requires that each value of the indexed field is unique. This is the most effective solution for preventing double request’s impact.
How do you overcome double submission? What is a real life example of a problem caused by double submits?