Accidentally hitting "submit" twice actually posts twice

Ie., https://hero.handmade.network/for...039-when_build_tools_matter#10631

My solution to this problem generally is to generate a GUID for the edit page, so that if you submit it twice, it's clear to the server that it's a resubmit and it drops the second one automatically. Not sure if that's how other people do it, but I'm sure there are other methods too...

- Casey
cmuratori
Ie., https://hero.handmade.network/for...039-when_build_tools_matter#10631

My solution to this problem generally is to generate a GUID for the edit page, so that if you submit it twice, it's clear to the server that it's a resubmit and it drops the second one automatically. Not sure if that's how other people do it, but I'm sure there are other methods too...

- Casey


I had another similar solution for this in mind and it's on my todo list. Meanwhile I'd _just_ cleaned up the post in question before you posted this :)
cmuratori

My solution to this problem generally is to generate a GUID for the edit page, so that if you submit it twice, it's clear to the server that it's a resubmit and it drops the second one automatically.


That's generally known as a CSRF token. It's used to prevent other websites from tricking their users to POST to your website, but if you generate a unique token per page you get the double-submit prevention for free.
An additional approach is to disable the submit button after the first click.
AsafG
cmuratori

My solution to this problem generally is to generate a GUID for the edit page, so that if you submit it twice, it's clear to the server that it's a resubmit and it drops the second one automatically.


That's generally known as a CSRF token. It's used to prevent other websites from tricking their users to POST to your website, but if you generate a unique token per page you get the double-submit prevention for free.
An additional approach is to disable the submit button after the first click.


We have CSRF, just unique per session and not per page. We could do that, but that complicates things a bit tracking and expiring them, which also means that if someone's writing something rather long, they'll have an expired token that you have to then refresh on the fly based on their other session credentials and what not.

I prefer doing that just for pages with forms, much less to keep track of, i.e. separate from the CSRF. Also, the solution I have in mind is even simpler. More on that in March after I've implemented it. Abner won't let me work on the site this month unless it's an emergency, and this occurs so rarely it doesn't qualify.

Edited by Jeroen van Rijn on
Abner won't let me work on the site this month unless it's an emergency, and this occurs so rarely it doesn't qualify.

And to clarify, this month we're focused on the educational materials roadmap for HMN. We're also taking a short break from active development—celebrating the release of v1. The team worked really hard this past month and some rest is worthwhile; however, any site maintenance will still be performed (obviously).

Edited by Abner Coimbre on Reason: Formatting.
abnercoimbre
however, any site maintenance will still be performed (obviously).

So much for my dastardly plan to let spam bots run amok the whole month… *twirls his moustache*

Edited by Jeroen van Rijn on
Sigh. It would be nice if the world was just nice enough to at least not have any spam bots. Out of all the horrible events that take place on planet Earth, spam bots need to exist as well? Really?
abnercoimbre
Sigh. It would be nice if the world was just nice enough to at least not have any spam bots. Out of all the horrible events that take place on planet Earth, spam bots need to exist as well? Really?

Preaching to the choir - I'd say quire, but Eisbehr hasn't released it yet -, Abner. Dealing with those soaked up most of my time this month, as people will be able to read in the monthly update this month, when it's updated to update them on the updates this month.
New Handmade project - Anti-bot bot aka BotKiller.
Kelimion
Dealing with those soaked up most of my time this month, as people will be able to read in the monthly update this month, when it's updated to update them on the updates this month.

Said monthly update is now here.

Edited by Abner Coimbre on Reason: Formatting.