Duplicate Request Handling
4 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   archana_jt
Posted On:   Wednesday, October 13, 2004 10:24 PM

Thanks a lot Sherbir!! What i meant was,the user may click on 'submit' button twice or go 'Back' and resubmit the form...this is generating duplicate request in my 'Web Application'. I'm trying to use hidden field,whose value changes from false to true when we click for the first time(using javascript). Is there anyway we can prevent this form from being submited if the field value is true?Will this be a good solution?Is using javascripts in such situations dependable when medium to high security is required? Wrt session ids...will the 2nd request replace the 1st request which is under processing? should i synchronize it wrt session id? Hope i'm clear this time,t   More>>

Thanks a lot Sherbir!! What i meant was,the user may click on 'submit' button twice or go 'Back' and resubmit the form...this is generating duplicate request in my 'Web Application'.



I'm trying to use hidden field,whose value changes from false to true when we click for the first time(using javascript).



Is there anyway we can prevent this form from being submited if the field value is true?Will this be a good solution?Is using javascripts in such situations dependable when medium to high security is required?



Wrt session ids...will the 2nd request replace the 1st request which is under processing? should i synchronize it wrt session id?



Hope i'm clear this time,thanks in advance!!!

   <<Less

Re: Duplicate Request Handling

Posted By:   archana_jt  
Posted On:   Tuesday, October 19, 2004 03:13 AM

Thank You PPL,for your responses,


I tried this method and it seems to be working:

I have a hidden field which is set to 'false' when the page is loaded.As soon as the form is submitted,it calls a javascript function which checks this value.


If it is true then it doesn't submit,else it sets the value to true and then submits the form.


Even if the user clicks on 'Back',the value is changed 'true', so the form is not submitted.

However I think using javascript is the only loophole.

Even I think,using database to check is a costly approach.

I wouldn't prefer to use 'Struts' bcoz this feature is for a small part of the module.May be we can consider it if very high level of security,integrity is required.

Setting pragma can be considered,but it is not elegant,as we will have to give a link to the next page,wich is not the result page(dynamic).


So,consider this,let me know if this has any drawbacks(if scriptting is always anabled)

Re: Duplicate Request Handling

Posted By:   Sherbir_S  
Posted On:   Thursday, October 14, 2004 10:28 PM



Hi Archana,
Here are a few more solutions to ur problems :
Q. the user may click on 'submit' button twice.
A. The only possible way to avoid this scenario is to
disable the submit button on the first user-click since u
have no control over how many times the user will BANG
HIS MOUSE !!

Q. or go 'Back' and resubmit the form
A. There are two possible solutions to this :
1) Disable the browser's BACK button on the next
page after submitting (using JavaScript) so that
the user just cannot go back.
2) Submit the form in a new window. Design this new
window such that it does not have any menubars or
toolbars...Easy no ?

Q. Is there anyway we can prevent this form from being
submited if the field value is true ? Will this be a good
solution ?

A. This is the third possible solution, but the user can
still click back from the next page...so when the previous
page loads, the value of the hidden variable will again be
re-initialized and re-submitting will be possible !!

Q. Wrt session ids...will the 2nd request replace the 1st
request which is under processing?

A. No the second request won't be replaced...rather, when
the session expires on the next page, and if the user
clicks on back, he/she will be redirected to another page
(This solution is implemented on almost all websites that
have security and data duplication as a major concern).

I hope u'd like 2 implement the last one !!

Q. Hope i'm clear this time ?
A. Yes u r. Crystal clear...and I hope my solutions are
also clear enough to help u in ur decision to proceed
further ??

Do keep me posted.

Cheers !!

Sherbir.

Re: Duplicate Request Handling

Posted By:   Maheedharan_Santhanaraman  
Posted On:   Thursday, October 14, 2004 03:15 AM


hi ,
This is maheedharan,regarding your query,

option1

The user using ur application always has the freedom to goback and resend the same data again and
again,but what we can do here is ,if u r going to insert those values in database,just use a select query
before inserting into database and compare for duplicate entries,if exists then prompt a alert message,
and dont handle the insert operation.


or

option2

if u r using asp/jsp, u can set the page's "expires" property to zero.(not sure in servlets).
so if the user goes back ,the previous page asks for refresh.


But the efficient way what i feel is option 1.


All the best.Let me know if it works.(It will work).


you can contact me through mail:magi_12@yahoo.com


Regards,
Maheedharan.S

Re: Duplicate Request Handling

Posted By:   Malar_K  
Posted On:   Thursday, October 14, 2004 02:51 AM

You can use isTokenValid(httpServletRequest). Just go through the Struts API.
About | Sitemap | Contact