Re: [cgiapp] Q: Handling unwanted form submissions


From: "Jeff MacDonald" <suppressed>
>There are a lot of users out there that LOVE back buttons to screw
>things up, and LOVE clicking a submit button about a million times. I

What I've done is stuff a unique value into the form as a hidden field. I
use a time-based value like that available from uniqueid.[1] (It's shorter
than a random hash value.) That becomes part of the transaction value. When
they submit, if I find that the value already exists I display an error
message with recent transaction history, that it appears they hit submit
twice, and ask them to start over if the transaction they were trying to
accomplish doesn't appear in the history.

If I were ultra paranoid about someone altering the form's hidden value, I'd
keep the unique id in the session. Look it up using the session ID. But, I
never felt compelled to do that. If they really want to defeat the system
with duplicate submits, I'd let them do it. I think the goal is to prevent
the accidental/careless/impatient/reckless submits.

[1] http://search.cpan.org/~mwx/Data-Uniqid-0.11/Uniqid.pm

Mark
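
The scheme described in the message above, written out in Perl as an added example that is not part of the original post: the hidden field carries a time-based id and, for the session-bound variant, an HMAC over the session ID and that id. The names issue_token, check_submit and ct_eq, the secret, and the %seen hash (standing in for the transaction table or session store) are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);
use Time::HiRes qw(gettimeofday);

# Assumptions (not from the original post): the names below, the secret, and
# %seen, which stands in for the transaction table or session store.
my $SECRET  = 'constructed-demo-secret';
my %seen;
my $counter = 0;

# Value for the hidden field: a time-based id plus a MAC tying it to the session.
sub issue_token {
    my ($session_id) = @_;
    my ($sec, $usec) = gettimeofday();
    my $id = sprintf '%x%05x%x%x', $sec, $usec, $$, ++$counter;
    return $id . '.' . hmac_sha256_hex("${session_id}:${id}", $SECRET);
}

# Compare two strings without stopping at the first differing character.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns 'ok', 'duplicate' or 'invalid' for a submitted hidden-field value.
sub check_submit {
    my ($session_id, $token) = @_;
    my ($id, $mac) = ($token // '') =~ /\A([0-9a-f]+)\.([0-9a-f]{64})\z/
        or return 'invalid';
    # Verify the MAC first so an altered value cannot mark a real id as used.
    return 'invalid'
        unless ct_eq($mac, hmac_sha256_hex("${session_id}:${id}", $SECRET));
    # With a database, a unique-key insert does this test and the mark in one step.
    return $seen{$id}++ ? 'duplicate' : 'ok';
}

# Constructed demo: one form, submitted under different conditions.
my $token = issue_token('session-A');
printf "%-28s %s\n", @$_ for (
    [ 'first submit',               check_submit('session-A', $token) ],
    [ 'second click',               check_submit('session-A', $token) ],
    [ 'altered hidden value',       check_submit('session-A', "f$token") ],
    [ 'token from another session', check_submit('session-B', $token) ],
);
```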

