Prevention of Double Form Submissions

Question

Prevention of Double Form Submissions

Exact duplicate : How to handle multiple third-party applications

Overall objective: Prevent duplicate submission in a multi-user web application. Think about financial transactions.

I have two methods that can be used in tandem:

JavaScript button disable
- Disadvantage: does not work if JavaScript is disabled.
Vertical version - see how long ago the last request of this type came from this user and generated an error, if not so long ago
- Drawback: if two views are close enough to each other, each of them may not know the other

I am looking for subject experts to contribute my best practices as well as esoteric tricks. It can be any language and structure, but Django is of particular interest. A lot has been written about the problem on the Internet, but it would be nice if the best practices were shown here.

+6

html forms double-submit-prevention

Krystian cybulski May 19, '09 at 12:26

source share

1 answer

James davies · Answer 1 · 2009-05-19T00:36:20+0000

The general solution is to generate a token on the server every time you create a form. Store the token on the server, add it as a hidden field to the form and delete it as soon as you get a view of the form with this token.

If you get a form submission without a valid token, this means that the form is already submitted and ignores it.

This has the added benefit of adding XSRF security to your project.

Prevention of Double Form Submissions

More articles: