发表新帖
发表新帖

How do you prevent a user from posting data multiple times on a website

前端 未结
关注
7 1095
佛祖请我去吃肉
佛祖请我去吃肉 2020-12-08 16:30

I am working on a web application (J2EE) and I would like to know the options that are available for handling a double post from the browser.

The solutions that I ha

相关标签:
7条回答
  • 无人共我
    2020-12-08 16:42

    I'd use a timestamp and compare values with your server side code. If two timestamps are close enough and have the same IP address, ignore the second form submission.

    0 讨论(0)
  • 梦谈多话
    2020-12-08 16:52

    Its hard to implement an idiot-proof solution (as they are alway improving the idiots). No matter what you do, the client side can be manipulated or perform incorrectly.

    Your solution has got to be server side to be reliable and secure. That said, one approach is to review the request and check system/database state or logs to determine if it was already processed. Ideally, the process on the server side should be idempotent if possible, and it will have to protect against dupe submits if it can't be.

    0 讨论(0)
  • 爱一瞬间的悲伤
    2020-12-08 16:53

    we use a time sensitive, one time ticket. It's like a session id of sort. But it is tied to the form/page.

    You discard the ticket when the user submits the page, and you only process pages that comes with a valid ticket. You can, at the same time, tighten security by attaching the ticket to a user, so tat if a ticket comes in that is submitted by a user that is not the user that the ticket was submitted to, you reject the request.

    0 讨论(0)
  • 抹茶落季
    2020-12-08 17:00

    You could supply a "ticket" as part of the form, some random number - and make sure it doesn't get accepted twice, on the server side.

    0 讨论(0)
  • 傲寒
    2020-12-08 17:01

    Struts has something like this built in if you happen to be using it.

    http://struts.apache.org/1.x/apidocs/org/apache/struts/util/TokenProcessor.html

    0 讨论(0)
  • 执念已碎
    2020-12-08 17:03

    Two server-side solutions come to mind:

    1. Create one-time use "tokens" in a hidden form field. Once a token is used, it is deleted from whatever database or session context object you're storing it in. The second time, it's not accepted.
    2. Cache information received, and if an identical form is received within a certain time period (10 minutes? an hour? You decide!) it is ignored.
    0 讨论(0)
 看不清?
提交回复
热议问题