This is really weird. User testing in my staging environment where the SSL certificate for the secure domain has expired. Here is the scenario: User fills in a form containing a serial number which has to be unique. which I use validate_uniqueness and a unique index on the mysql db (belt and braces). The create action is fired in the controller to do the insert on the model. So far so good. The next controller "new" action is protected by SSL and this domain has an expired certificate and IE8 puts up the expected warning which the user will ignore. The original POST and the create action is invoked again, to which the model says that it has a duplicate serial number. Why is the POST sent again by the browser? Doesn''t happen on any other browser. I could install another valid test certificate but it is a real pain to do (too many sleazy sales guys call and they do not understand what they are selling!). Any other suggestion as to how to avoid this happening and how I can write some tests for this! Here is an excerpt from the log. Processing ConfirmationController#new (for some.ip.add.ress at 2011-03-28 19:23:39) [GET] <snip> Completed in 204ms (View: 143, DB: 11) | 200 OK [http:// test.nonssldomain.co.uk/confirmation/new/21] Processing ConfirmationController#create (for some.ip.add.ress at 2011-03-28 19:24:06) [POST] <snip> Confirmation Create (0.2ms) INSERT INTO `confirmations` (`flags`, `quote_id`, `created_at`, `updated_at`, `id`, `serialnum`) VALUES(4, 21, ''2011-03-28 18:24:06'', ''2011-03-28 18:24:06'', 21, ''434343434'') SQL (3.2ms) COMMIT Redirected to http://test.nonssldomain.co.uk/payment/new/21?payment=monthly Completed in 71ms (DB: 12) | 302 Found [http://test.nonssldomain.co.uk/ confirmation] Processing PaymentController#new (for some.ip.add.ress at 2011-03-28 19:24:07) [GET] <snip> Redirected to https://secure.ssldomain.com/payment/new/21?payment=monthly Filter chain halted as [:ensure_proper_protocol] rendered_or_redirected. Completed in 35ms (DB: 5) | 302 Found [http://test.nonssldomain.co.uk/ payment/new/21?payment=monthly] Processing ConfirmationController#create (for some.ip.add.ress at 2011-03-28 19:24:22) [POST] Parameters: {"confirmation"=>{"serialnum"=>"434343434", "resident"=>"1"}, "authenticity_token"=>"lrUm1Ja +jjx5TxO1H4p9BhvgsjHpQwV/r5tyZvijJpw="} <snip> Confirmation Load (0.3ms) SELECT * FROM `confirmations` WHERE (`confirmations`.`serialnum` = ''434343434'') LIMIT 1 SQL (0.1ms) ROLLBACK <snip> Completed in 119ms (View: 63, DB: 11) | 200 OK [http:// test.nonssldomain.co.uk/confirmation] -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.