Preventing double HTTP POST

Question

I have made a little app for signing up for an event. User input their data and click \"sign me in\".

Now sometimes people are double in the database, the exact sam

Answer 1

Almost no one has js disabled. Think about coding your e-commerce website for the 70 year old woman who double clicks every link and button. All you want to do is add a javascript to prevent her clicking "Order Now" twice. Yes - check this at the server side too "be defensive" - but don't code for that case. But for the sake of a better UI do it on the client side too.

Here are some scripts that I found:

//
// prevent double-click on submit
//
  jQuery('input[type=submit]').click(function(){
    if(jQuery.data(this, 'clicked')){
      return false;
    }
    else{
      jQuery.data(this, 'clicked', true);
      return true;
    }
  });

and

// Find ALL <form> tags on your page
$('form').submit(function(){
    // On submit disable its submit button
    $('input[type=submit]', this).attr('disabled', 'disabled');
});

Answer 2

You can track the number of times the form's been submitted and compare it to the number of unique visits to the page with the form on it in the session.

Answer 3

None of the solutions address a load-balance server.

If you have some load balancer, send a UUID (or any type of unique number) to the server to store and read again will not work well if the server is not aware of other servers, because each request could be processed by a different server in a stateless environment. These servers need to read/write to the same place.

If you have multiple servers you will need to have some shared cache (like a Redis) among the servers to read/write the unique value in the same place (what could be an over-engineering solution, but works).

Answer 4

Beside the many good techniques already mentioned, another simple server-side method, that has the drawback of requiring a session, is to have a session variable that is switched off on the first submit.

Answer 5

A client-only solution won't be enough, as stated in many of the answers here. You need to go with a server-side fail-safe.

An often overlooked reason that disabling the submit button doesn't work is, the user can simply refresh the submit target (and click OK on the "are you sure you want to resubmit the POST data?" dialog). Or even, some browsers may implicitly reload the submitted page when you try to save the page to disk (for example, you're trying to save a hard-copy of an order confirmation).

Answer 6

A user-side solution is to disable the submission button via Javascript after the first click.

It has drawbacks, but I see it often used on e-commerce websites.

But, it won't never replace a real server-side validation.