Hi,
We are encountering occasions where users post twice or more a
form, basically we have detected two situations:
a) The user push twice enter
b) The user push double click on button “save” or “submit”
We consider that this becomes a problem when creating (because we
duplicate data) and we think that in some context it could become a
security issue (like posting twice a payment), so we like to know How do
you approach it?
Our approaches to the problem:
a) JavaScript implementation like "<form
onSubmit=“doublePostCheck()”> and only returning true the first time
-> Problems: different navigators (firefox, safari…),
b) Token / Flag validation, base on a hidden variable in the form,
and validation of a unique token/server for post in the server
-> Problems: how do you handle errors… do you save the first
register and raise and error for the second?
-> Where should we implemented in the controller “create”? Can
it be in the class ApplicationController?
c) Hash of the data in the post, and checking if last hash is
different than the new one
-> Problems: how do you handle errors… do you save the first
register and raise and error for the second? We can’t duplicate data if
we need it
-> Where should we implemented in the controller “create”? Can
it be in the class ApplicationController?
Thanks in advanced
–
Miquel C. Escarr
+34 699 73 22 46
[email protected]
“Computers are good at following instructions, but not at reading your
mind.” Donald Knuth.
“Los ordenadores son buenos siguiendo instrucciones, pero no leyendo tu
mente.” Donald Knuth.
On Wed, Jun 29, 2011 at 7:04 PM, Miquel C. [email protected] wrote:
Hi,
We are encountering occasions where users post twice or more a form,
basically we have detected two situations:
a) The user push twice enter
b) The user push double click on button “save” or “submit”
Simplest solution we’ve done before is disabling the button on submit.
this
should work on all browsers.
validation of a unique token/server for post in the server
in the class ApplicationController?
.
For more options, visit this group at http://groups.google.com/**
group/rubyonrails-talk?hl=enhttp://groups.google.com/group/rubyonrails-talk?hl=en
.
–
On Jun 29, 2011, at 7:35 AM, Jim Ruther N. wrote:
Simplest solution we’ve done before is disabling the button on
submit. this should work on all browsers.
<%= f.submit ‘Save’, :disable_with => ‘Saving…’ %>
Nice and simple, and in the newer Rails, unobtrusive, too.
Walter
Hi,
Works perfectly!
Thanks a lot.
El 29/06/2011 13:57, Walter Lee D. escribi:
a) The user push twice enter
Walter
→ Problems: different navigators (firefox, safari…),
if we need it
"Computers are good at following instructions, but not at reading
[email protected].
You received this message because you are subscribed to the Google
Groups “Ruby on Rails: Talk” group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
–
Miquel C. Escarr
+34 699 73 22 46
[email protected]
“Computers are good at following instructions, but not at reading your
mind.” Donald Knuth.
“Los ordenadores son buenos siguiendo instrucciones, pero no leyendo tu
mente.” Donald Knuth.