How to stop a user submitting the same data more than once

I have a standard form built with rails, which a user to my site can use
to submit data. Unfortunately one user just managed to submit exactly
the the same data three times in a row.

From the server logs it seems as though he didn’t use his back button
and then resubmit everything. It looks more like he got a bit fed up
waiting for the form to process and pressed the submit button three
times.

However, I didn’t think this was possible in Rails. Is this correct?

For the life of me I cannot reproduce this error, even by entering the
exact same data the user did and pressing submit ten times in quick
succession.

Can anyone give me any tips on as to why this might have happened and
what I can do to prevent this happening in future.

Thanks in advance.

Quick hit from google after using “disable form rails after click”:
http://railsforum.com/viewtopic.php?id=9585

Hope this helps.

Aldric G. wrote:

Quick hit from google after using “disable form rails after click”:
http://railsforum.com/viewtopic.php?id=9585

Hope this helps.

Cheers for the reply, but this is quick and dirty and doesn’t solve the
problem if the user has javascript disabled.

I would rather understand what is happening when submit is pressed and
work things out from there.

Would be grateful for any more suggestions.

Jim B. wrote:

I would rather understand what is happening when submit is pressed and
work things out from there.

In my very limited understanding of the web, this is what happens:

  1. data is entered
  2. ‘submit’ is pressed
  3. Asynchronous request is sent. If there is a way to make a form submit
    a synchronous request, as in, won’t be usable until the server comes
    back with “200 OK” or whatever a server does when it’s happy, then
    that’s probably what you want.

Jim B. wrote:

Thanks for the reply.
I am still confused though, as to why I cannot reproduce the error.
When I press submit ten times in quick succession then only one data set
is submitted.

Are you trying from the server? A computer on the same switch? On the
same subnet? Remember, we’re dealing with packets here :slight_smile:

Thanks for the reply.
I am still confused though, as to why I cannot reproduce the error.
When I press submit ten times in quick succession then only one data set
is submitted.

No.
I’m at home on my computer, the application is on a web server somewhere
in Germany (as far as I know). I will however try to create the error
from a different computer, see if that works.

Jim B. wrote:

No.
I’m at home on my computer, the application is on a web server somewhere
in Germany (as far as I know). I will however try to create the error
from a different computer, see if that works.

Can you reproduce the same kind of traffic surrounding the times when
the user was doing the submit? It’s the blind leading the blind here,
but I wonder if that may have to do with it…

It’s the blind leading the blind here,

:slight_smile:

It was last night and there was relatively little going on.
I don’t think traffic is the problem.

Jim B. wrote:

It’s the blind leading the blind here,

:slight_smile:

It was last night and there was relatively little going on.
I don’t think traffic is the problem.

Well, then it’s time to sacrifice a goat.
How long does it take once the button is pressed? Try pressing it once,
then again after two-three seconds.

Or try double-clicking, then double-clicking again.

Remember – users NEVER do things the way you expect them to, always the
way THEY want to.

On 26 Aug 2009, at 16:02, Jim B. wrote:

I have a standard form built with rails, which a user to my site can
use
to submit data. Unfortunately one user just managed to submit exactly
the the same data three times in a row.

From the server logs it seems as though he didn’t use his back button
and then resubmit everything. It looks more like he got a bit fed up
waiting for the form to process and pressed the submit button three
times.

if the back action just fetched the page from the browser’s local
cache you wouldn’t be able to tell.

However, I didn’t think this was possible in Rails. Is this correct?

Nothing particular in rails to stop this (or rather it is a client
side problem really - rails just sees 3 inbound requests)

Fred

Is the user who caused the problem friendly or malicious?

If (s)he is (or could be) malicious, then perhaps (s)he didn’t use a
browser to create three records in your database, but instead wrote
some code to post three times in quick succession.

I just added a “sleep 5” to my #create method and tried using the
“curl” utility to replicate your problem:

curl -d"traveler[name]=z" http://localhost:3000/travelers

…but that failed because I didn’t set the authenticity token
properly. I tried a few different things to figure out how to set it
properly, but ultimately gave up and just commented out the
#protect_from_forgery call in my application controller.

Sure enough, I was able to fire off 3 of these curl commands in quick
succession and create 3 new records.

If I were of a much more malicious bent, I could probably figure out
how to spoof the authenticity token. At this point, I was just trying
to figure out an answer to “how could this happen?”.

If your user isn’t malicious and isn’t using some sort of automated
HTTP screen scraping/updating utility, then I’ve just wasted your time
making you read this.

–wpd

I have just finished entering the same data into IE and was rather
surprised to see that I could submit it many times.
So, it seems to be the case that Firefox 3.5 surpresses this behaviour,
whilst IE lets you submit your data as many times as you want.

Do you think it would be possible to stop this by using a session.

In PHP I would do something like this:

session_start();
if (!session_is_registered(“counted”)){
$query= insert_database();
session_register(“counted”);
}

Cheers for the reply Fred.
So how would one go about stopping this?
Surely I cannot be the only one with this problem?

On Wed, Aug 26, 2009 at 10:09 AM, Jim
Burgess[email protected] wrote:

I would rather understand what is happening when submit is pressed and
work things out from there.

You can put a hidden field in your form, detect it and then set a
session variable. Then don’t process any more forms when you detect
the existence of the session variable.


Greg D.
http://destiney.com/

They could have also hit the ‘enter’ key multiple times too, not
clicking anything.

But in either case, a small amount of javascript will prevent this.

On Aug 26, 7:27 pm, Jim B. [email protected]
wrote:

if (!session_is_registered(“counted”)){
$query= insert_database();
session_register(“counted”);

That won’t stop it because there is a window in between where you
check and when you set the session variable (ie a race condition).

Fred

Lee S. wrote:

They could have also hit the ‘enter’ key multiple times too, not
clicking anything.

But in either case, a small amount of javascript will prevent this.

To prevent the submit button being pressed many times I am using
<%= submit_tag “Submit”, :onclick => “this.disabled = true” %>
as kindly suggested by Aldric.

How would I stop users pressing enter multiple times with java script.
JS is really not my forte so i would be grateful for any advice

Thanks for all of the answers.
I solved it a little differently and will explain how in case
a) it helps anybody else
b) there is a flaw in my method which I have overlooked

What I did was in the controller:
Create a model object: @applicant = Applicant.new(params[:applicant])
Wait for a post request.
Look up the last email address sucessfully stored in the database.
Check if it is the same as the email address currently being submitted?

If so, it is possible that someone has pressed submit twice, or used the
back button in their browser. This can therefore be ignored and the user
redirected to the success view.

If the email adresses are not identical, check if @applicant can be
saved.
If it can, redirect to success, if it can’t re render index view.

If the applicant is redirected to the success view without their data
being saved (i.e. if both email addresses are the same), then they also
receive a flash message that a double data entry was detected for their
email address and that the record was only saved once.

For this particular application it is not desired that people can apply
twice and in practice it rarely happens.

enter just processes the submit button. if you disable the submit
button, then enter key press will be disabled as well. personally, i
would get rid of the submit tag and use a image_submit_tag to get rid
of stupid keyboard annoyances. This will force the user to click on
the link to submit and you can do things like asking for confirmation
or disabling it once pressed.

On Aug 27, 2:20 am, Jim B. [email protected]

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs