Preventing Double Submit?



I have a sensitive submit button that does a separate credit card
payment post in the controller action, which could take ~2 seconds. I
want to ensure that if the user double clicks on it, that the controller
won’t do two payments. Right now, I do a redirect after the payment
succeeds, so a refresh of the page won’t cause a problem but I am
worried about multiple requests causing multiple payments to go through.

I used to avoid this a few years ago by putting a token into the session
and removing it on the first request and check to see if it is there at
the top of the controller action. However, in this case it would just
kick an error to the user saying you tried to double submit the payment,
which is not very elegant.

With Firefox 1.5, I can jam on the submit button many times and it will
only do one request, but do I need to worry about older browsers? Is
there a rails idiom to take care of this?



In the past I’ve disabled the submit button with javascript, which is
the easist. But for browsers with javascript disabled, I’ve also used
the synchronizer token pattern, which entails setting a unique
identifier into the session for any “instance” of a rendered form on a
page. That way you can check to see if it’s been submitted before
re-running processing logic.

Here’s an article on the idea, though it’s Java: