Exact Duplicate: How to handle multiple submissions server-side
The general task at hand: preventing a double form submission in a multi-user web based application. Think financial transactions.
I have two methods which can be used in tandem:
- JavaScript disabling of button
- Disadvantage: does not work if JavaScript is disabled
- Back-end verfication - see how long ago the last request of this type came from this user and issue error if not too long ago
- Disadvantage: If the two submissions are close enough together, each may not be able to be aware of the other
I am looking for subject matter experts to contribute their best practices as well as esoteric tricks. Can be any language and framework, but Django is of specific interest. A lot has been written on the web about the task at hand, but it would be nice to have the best practices shown here.
The common solution is to generate a token on the server every time you generate a form. Store the token on the server, add it as a hidden field to the form, and delete it once you get a form submission with that token.
If you get a form submission without a valid token, it means that the form has already been submitted and ignore it.
This has the added advantage of adding XSRF protection to your project.
来源:https://stackoverflow.com/questions/880437/preventing-double-form-submissions