On Jun 29, 2011, at 7:35 AM, Jim Ruther Nill wrote:
>
>
> On Wed, Jun 29, 2011 at 7:04 PM, Miquel Cubel <mcubel@gmail.com>
> wrote:
> Hi,
>
> We are encountering occasions where users post twice or more a
> form, basically we have detected two situations:
> a) The user push twice enter
> b) The user push double click on button "save" or "submit"
>
>
> Simplest solution we've done before is disabling the button on
> submit. this should work on all browsers.
<%= f.submit 'Save', :disable_with => 'Saving...' %>
Nice and simple, and in the newer Rails, unobtrusive, too.
Walter
>
> We consider that this becomes a problem when creating (because we
> duplicate data) and we think that in some context it could become a
> security issue (like posting twice a payment), so we like to know
> How do you approach it?
>
> Our approaches to the problem:
> a) JavaScript implementation like "<form
> onSubmit="doublePostCheck()"> and only returning true the first time
> -> Problems: different navigators (firefox, safari....),
> b) Token / Flag validation, base on a hidden variable in the
> form, and validation of a unique token/server for post in the server
> -> Problems: how do you handle errors... do you save the
> first register and raise and error for the second?
> -> Where should we implemented in the controller "create"?
> Can it be in the class ApplicationController?
> c) Hash of the data in the post, and checking if last hash is
> different than the new one
> -> Problems: how do you handle errors... do you save the
> first register and raise and error for the second? We can't
> duplicate data if we need it
> -> Where should we implemented in the controller "create"?
> Can it be in the class ApplicationController?
>
> Thanks in advanced
>
> --
> Miquel Cubel Escarré
> +34 699 73 22 46
> mcubel@gmail.com
>
> "Computers are good at following instructions, but not at reading
> your mind." Donald Knuth.
>
> "Los ordenadores son buenos siguiendo instrucciones, pero no leyendo
> tu mente." Donald Knuth.
>
> --
> You received this message because you are subscribed to the Google
> Groups "Ruby on Rails: Talk" group.
> To post to this group, send email to rubyonrails-
> talk@googlegroups.com.
> To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com
> .
> For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
> .
>
>
>
>
> --
> -------------------------------------------------------------
> visit my blog at http://jimlabs.heroku.com
>
> --
> You received this message because you are subscribed to the Google
> Groups "Ruby on Rails: Talk" group.
> To post to this group, send email to rubyonrails-
> talk@googlegroups.com.
> To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com
> .
> For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
> .
--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
No comments:
Post a Comment