[Catalyst] Double-posted forms
Jules Bean
jules at jellybean.co.uk
Thu Nov 10 17:28:26 CET 2005
Bill Moseley wrote:
> To help with double-posting I sometimes create a unique ID and place
> it in a hidden field and in the session. Then on submission I make
> sure they match and the remove it from the session.
>
>
The most robust technique IMO is (some variation of) for transactions of
type foo which are built up over a few clicks (such as sales) you have a
relation incomplete_foos in your storage; each page after the first
refers either in the URL or in a hidden field to the ID in this table of
the currently being built transaction. When the final transaction
approval is clicked you remove the incomplete transaction by ID and
process the full transaction.
This guards against double-clicks and still scales even if you have a
server farm handling the requests. Of course it's a bit heavyweight and
possibly too slow for certain situations.
Still I feel pretty sick when the websites of fairly well-known
companies contain admonitions to 'not press submit twice in case of
repeated transactions'.
Jules
More information about the Catalyst
mailing list