Preventing multiple form submissions - What have you done?
-
Hello everyone, I am just curious what you guys have done to prevent a client from jamming away on a submit button on a webform? I have been googling away for a few alternatives but most articles and suggestions I have found involve javascript. Such as this. Although this is a terrific solution, it doesn't prevent anyone from being a shyster and disabling javascript and abusing a webform. This can especially be a pain when the form submission involves inserting into a DB. The result being multiple rows inserted. So there has be some sort of server side solution where if javascript is disabled the multiple form submissions can be ignored or prevented. My current idea is to forward the form submission to a page (after the webform is validated) that indicates the task is processing. But surely there have to be some other solutions. And I am curious about what you people have done for this situation. Or if you know of a good solution on the web that I haven't uncovered on google I would appreciate the link! Thanks, Shaun
-
Hello everyone, I am just curious what you guys have done to prevent a client from jamming away on a submit button on a webform? I have been googling away for a few alternatives but most articles and suggestions I have found involve javascript. Such as this. Although this is a terrific solution, it doesn't prevent anyone from being a shyster and disabling javascript and abusing a webform. This can especially be a pain when the form submission involves inserting into a DB. The result being multiple rows inserted. So there has be some sort of server side solution where if javascript is disabled the multiple form submissions can be ignored or prevented. My current idea is to forward the form submission to a page (after the webform is validated) that indicates the task is processing. But surely there have to be some other solutions. And I am curious about what you people have done for this situation. Or if you know of a good solution on the web that I haven't uncovered on google I would appreciate the link! Thanks, Shaun
Change the button name to "Updating Now". Now, on click check if name is "Updating Now", is so skip the operation Sanjay Sansanwal www.sansanwal.com
-
Change the button name to "Updating Now". Now, on click check if name is "Updating Now", is so skip the operation Sanjay Sansanwal www.sansanwal.com
-
I appreciate your input. But that will not work because before the text can be changed to "Updating Now" the process I want to run once and once only has to finish. By then it is too late and the user will be able to jam away at the button multiple times.
-
-
Thanks again, much appreciated. Still both solutions use javascript. If javascript was disabled on someones browser on purpose it would render those solutions ineffective.
Hi there, I best solution then is to set some flag in database firstime. For subsequent clicks check this flag Sanjay Sansanwal www.sansanwal.com
-
Hi there, I best solution then is to set some flag in database firstime. For subsequent clicks check this flag Sanjay Sansanwal www.sansanwal.com
Why not just set the button to Enabled = False as soon as it is clicked then process the request once request is complete, set button to enabled = true Jon G www.Gizmocoder.com
-
Why not just set the button to Enabled = False as soon as it is clicked then process the request once request is complete, set button to enabled = true Jon G www.Gizmocoder.com
Wouldn't that still require JavaScript?
"If a man empties his purse into his head, no man can take it away from him, for an investment in knowledge pays the best interest." -- Joseph E. O'Donnell Can't manage to P/Invoke that Win32 API in .NET? Why not do interop the wiki way!
-
Hello everyone, I am just curious what you guys have done to prevent a client from jamming away on a submit button on a webform? I have been googling away for a few alternatives but most articles and suggestions I have found involve javascript. Such as this. Although this is a terrific solution, it doesn't prevent anyone from being a shyster and disabling javascript and abusing a webform. This can especially be a pain when the form submission involves inserting into a DB. The result being multiple rows inserted. So there has be some sort of server side solution where if javascript is disabled the multiple form submissions can be ignored or prevented. My current idea is to forward the form submission to a page (after the webform is validated) that indicates the task is processing. But surely there have to be some other solutions. And I am curious about what you people have done for this situation. Or if you know of a good solution on the web that I haven't uncovered on google I would appreciate the link! Thanks, Shaun
An idea would be to add an extra couple of columns to the table that indicate the session id and a timestamp. As all interaction with the database is transacted (i.e. within a BEGIN TRANSACTION and COMMIT/ROLLBACK TRANSACTION) when the first request comes in and enters the transaction the second request gets locked until the first transaction completes. The first thing each transaction does is check whether some data was entered into the database within the last few minutes with the same information - if so then it is a duplicate request, the second transaction is rolled back and an error can be returned. Code Project appears to do something similar as if I get impatient sometimes and hit the submit button a second time I get a page that says something like "You appear to have already posted this message". Does this help?
"If a man empties his purse into his head, no man can take it away from him, for an investment in knowledge pays the best interest." -- Joseph E. O'Donnell Can't manage to P/Invoke that Win32 API in .NET? Why not do interop the wiki way!
-
An idea would be to add an extra couple of columns to the table that indicate the session id and a timestamp. As all interaction with the database is transacted (i.e. within a BEGIN TRANSACTION and COMMIT/ROLLBACK TRANSACTION) when the first request comes in and enters the transaction the second request gets locked until the first transaction completes. The first thing each transaction does is check whether some data was entered into the database within the last few minutes with the same information - if so then it is a duplicate request, the second transaction is rolled back and an error can be returned. Code Project appears to do something similar as if I get impatient sometimes and hit the submit button a second time I get a page that says something like "You appear to have already posted this message". Does this help?
"If a man empties his purse into his head, no man can take it away from him, for an investment in knowledge pays the best interest." -- Joseph E. O'Donnell Can't manage to P/Invoke that Win32 API in .NET? Why not do interop the wiki way!
Thanks for your suggestion Colin. I may try this one day but I have found a way that works now if javascript is disabled. What I did is I tried the http://metabuilders.com/Tools/OneClick.aspx[^] webcontrol. And it did (sorta) prevent multiple form submissions. Although I would get a strange behaviour where if the button was pressed more than once. It would perform the task I wanted performed once but refused to forward to a page after the process was complete. It would just sit on the page the form was submitted from. Submit could then be pressed again and viola 2 database inserts. In fact when I stepped through the code the Server.Transfer("Foo.aspx") line of code would execute but yet it did nothing to the web application. I then added a GUID validation to the page and it fixed the problem above. Now if the client hits submit more than once the task I need inserts to the database only once the GUID changes after the second button click and then the client is forwarded to a page saying their request has already been processed blah blah blah you hit submit more than once. Also the GUID validation prevents them from hitting back and re-submitting the form. So this seems to work fine for the "javascript disabled" folk. And for most normal people who leave javascript alone I used this solution http://aspzone.com/articles/207.aspx[^] Thanks again. Perhalps with Whidbey there will be something better in place.