Hi,

We are encountering occasions where users post a form twice or more; basically we have detected two situations:

a) The user pushes enter twice
b) The user double-clicks on the button "save" or "submit"

We consider that this becomes a problem when creating (because we duplicate data) and we think that in some contexts it could become a security issue (like posting a payment twice), so we would like to know: how do you approach it?

Our approaches to the problem:

a) JavaScript implementation like <form onSubmit="doublePostCheck()"> and only returning true the first time
   -> Problems: different navigators (Firefox, Safari...)
b) Token / flag validation, based on a hidden variable in the form, and validation of a unique token/server for post in the server
   -> Problems: how do you handle errors... do you save the first register and raise an error for the second?
   -> Where should we implement it, in the controller "create"? Can it be in the class ApplicationController?
c) Hash of the data in the post, and checking if the last hash is different from the new one
   -> Problems: how do you handle errors... do you save the first register and raise an error for the second? We can't duplicate data if we need it
   -> Where should we implement it, in the controller "create"? Can it be in the class ApplicationController?

Thanks in advance

--
Miquel Cubel Escarré
+34 699 73 22 46
mcubel-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org

"Computers are good at following instructions, but not at reading your mind." Donald Knuth.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
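Approach (b) from the post above, sketched server-side as an added example (it is not code from any participant in this thread). The names `SubmitTokenStore`, `submit_once`, `create_payment` and `submit_token` are hypothetical, and the in-memory hash stands in for a database table with a unique index on the token column.

```ruby
require 'securerandom'

# One-time submit tokens. The in-memory hash stands in for a database table
# with a UNIQUE index on the token column (assumption for this sketch).
class SubmitTokenStore
  def initialize
    @state = {}        # token => :pending, or the id of the record it created
    @lock  = Mutex.new
  end

  # Called while rendering the form; the value goes into a hidden field.
  def issue
    token = SecureRandom.hex(16)
    @lock.synchronize { @state[token] = :pending }
    token
  end

  # Runs the block at most once per issued token and returns [status, id].
  # If the block raises (e.g. validation fails) the token stays :pending,
  # so the user can correct the form and resubmit it.
  def submit_once(token)
    @lock.synchronize do
      current = @state[token]
      return [:invalid, nil]       if current.nil?
      return [:duplicate, current] unless current == :pending
      @state[token] = yield
      [:created, @state[token]]
    end
  end
end

# Hypothetical controller action body: `payments` plays the role of the table.
def create_payment(store, payments, params)
  store.submit_once(params[:submit_token]) do
    payments << { amount: params[:amount] }
    payments.size      # id of the new row
  end
end

# Constructed double submit: the same form posted twice.
def demo
  store, payments = SubmitTokenStore.new, []
  form = { submit_token: store.issue, amount: 100 }
  [create_payment(store, payments, form),
   create_payment(store, payments, form),
   payments.size]
end
```

The second request receives the id of the record the first one created, so the controller can redirect both to the same page instead of raising an error. Holding the lock across the block is a simplification that a database unique constraint would replace.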
Jim Ruther Nill
2011-Jun-29 11:35 UTC
Re: Rails double submit -> double post -> duplicate data
On Wed, Jun 29, 2011 at 7:04 PM, Miquel Cubel <mcubel-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:

> Hi,
>
> We are encountering occasions where users post twice or more a form,
> basically we have detected two situations:
> a) The user push twice enter
> b) The user push double click on button "save" or "submit"

Simplest solution we've done before is disabling the button on submit. This should work on all browsers.

--
visit my blog at http://jimlabs.heroku.com
Walter Lee Davis
2011-Jun-29 11:57 UTC
Re: Rails double submit -> double post -> duplicate data
On Jun 29, 2011, at 7:35 AM, Jim Ruther Nill wrote:

> Simplest solution we've done before is disabling the button on
> submit. this should work on all browsers.

    <%= f.submit 'Save', :disable_with => 'Saving...' %>

Nice and simple, and in the newer Rails, unobtrusive, too.

Walter
Miquel Cubel
2011-Jun-29 12:17 UTC
Re: Rails double submit -> double post -> duplicate data
Hi,

Works perfectly! Thanks a lot.

On 29/06/2011 13:57, Walter Lee Davis wrote:

> <%= f.submit 'Save', :disable_with => 'Saving...' %>
>
> Nice and simple, and in the newer Rails, unobtrusive, too.
>
> Walter

--
Miquel Cubel Escarré