Monday, January 16, 2012

Way to Prevent Duplicate Request from Form in J2EE applications - 3

To fix the duplicate form submission issue, you essentially need to implement the Synchroniser Token pattern.

The Synchroniser Token pattern is a common technique that works as follows:

  • Your application generates a unique token (based upon date, time and session id maybe) for each request or submit from the browser and embeds it as a hidden field in each HTML page returned to the browser.
  • When the user hits a submit button, the server checks that the token submitted with the page matches the token stored on the server.
  • If it does, you carry on.
  • If it doesn't, you don't accept the submitted data (you either fail or just show the user the last page with an error/warning).
  • Once the token is checked you immediately create a new unique token.

Now, if the same page is submitted again (by pressing the refresh button) or an old page is submitted (by the user pressing Back), the tokens will no longer match because the server token was changed, so you can reject the submission.
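
The check-and-replace steps above, as an added example (not code from the original post). It uses only the JDK: a plain `Map` stands in for the `HttpSession` attributes, the class, method and attribute names are hypothetical, and the token comes from `SecureRandom` rather than date and time, an assumption made so the value cannot be guessed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class SyncTokenDemo {
    // Hypothetical session attribute name.
    static final String ATTR = "SYNC_TOKEN";
    private static final SecureRandom RNG = new SecureRandom();

    /** Create a new token, store it server-side, return it for the hidden field. */
    static String issue(Map<String, Object> session) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        synchronized (session) {
            session.put(ATTR, token);
        }
        return token;
    }

    /** Check a submitted token. The stored token is removed first, so it is single-use
     *  and two concurrent submits (a double click) cannot both pass. */
    static boolean consume(Map<String, Object> session, String submitted) {
        String expected;
        synchronized (session) {
            expected = (String) session.remove(ATTR);
        }
        if (expected == null || submitted == null) {
            return false;
        }
        // Constant-time comparison of the two values.
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     submitted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>(); // stand-in for HttpSession (assumption)
        String page1 = issue(session);                 // hidden field value in the first page
        System.out.println("first submit accepted:   " + consume(session, page1));
        System.out.println("refresh accepted:        " + consume(session, page1));
        issue(session);                                // next page gets a new token; page1 is stale
        System.out.println("Back, old page accepted: " + consume(session, page1));
        String page3 = issue(session);                 // error page re-rendered with a new token
        System.out.println("resubmit accepted:       " + consume(session, page3));
    }
}
```

In a servlet, `issue` would run when the form page is rendered and `consume` at the top of the POST handler, before any data is written.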


-Happy Programming,

-NjN
