问题
I am developping a Single Page Application.
At the end of the application, the user gets to submit his contact information (name, phone number, etc). This sends an Email and modifies the page to a "Thanks for submitting [...]" page.
The problem is, the client can press the Back button and REsend the Email.
Is there a way to prevent this sort of.. spam?
Code
Sub BT_Send(sender As Object, e As EventArgs) Handles BT_Send.Click
Try
'Creating the Email Message
Dim mailMessage As New MailMessage()
mailMessage.To.Add("SomeOne@a.com")
mailMessage.From = New MailAddress("Robot@a.com", "Robot")
mailMessage.Subject = "Test"
mailMessage.IsBodyHtml = True
mailMessage.Body = LBL_Emailbody.Text & _
"<br><br><br><div style=""font-size: 0.7em;"">Robot speaking, I will not answer if you send me a message.</div>"
Dim smtpClient As New SmtpClient("Something.com")
smtpClient.Send(mailMessage)
PNL_Before.Visible = False
PNL_After.Visible = True
Catch ex As Exception
LBL_errorEmail.Visible = True
'Should never happen...
End Try
End sub
回答1:
Here is a very simple example, where I use a static variable on page and avoid database.
the asp.net page is
<asp:Literal runat="server" ID="txtInfos"></asp:Literal><br />
<asp:TextBox runat="server" ID="txtEmail"></asp:TextBox><br />
<asp:Button ID="Button1" runat="server" onclick="Button1_Click" Text="Button" />/>
and the code behind.
static Dictionary<string, DateTime> cLastSubmits = new Dictionary<string, DateTime>();
private static readonly object syncLock = new object();
protected void Button1_Click(object sender, EventArgs e)
{
DateTime cWhenLast;
lock (syncLock)
{
var cNowIs = DateTime.UtcNow;
if (cLastSubmits.TryGetValue(txtEmail.Text, out cWhenLast))
{
if (cWhenLast > cNowIs )
{
txtInfos.Text = "Please contact us again after 10 seconds";
return;
}
else
{
// ok I let him submit the form, but note the last date time.
cLastSubmits.Remove(txtEmail.Text);
}
}
foreach(var DelMe in cLastSubmits.Where(x => cNowIs > x.Value).ToList())
cLastSubmits.Remove(DelMe.Key);
// if reach here, note the last datetime of submit
cLastSubmits.Add(txtEmail.Text, cNowIs.AddSeconds(10));
}
// and submit the form.
txtInfos.Text = "thank you for submit the form";
}
Some notes.
- If you have many pools (web garden), then this may left user to submit at the same time up to the pool you have.
Of course if a user submit fake data this can not protect you, and thats why we can use:
- The honey pot trick.
- captcha
- Other control thats understands the bots
- Code that understand the re-submit.
来源:https://stackoverflow.com/questions/25040281/how-to-prevent-a-user-from-resubmitting-a-form