如何防止用户重新提交表单? [英] How to prevent a user from resubmitting a form?

问题描述

我正在开发单页应用程序.

在应用程序结束时，用户可以提交他的联系信息(姓名，电话号码等).这会发送一封电子邮件，并将页面修改为感谢提交[...]"页面.

At the end of the application, the user gets to submit his contact information (name, phone number, etc). This sends an Email and modifies the page to a "Thanks for submitting [...]" page.

问题在于，客户可以按返回按钮并重新发送电子邮件.

The problem is, the client can press the Back button and REsend the Email.

有没有办法防止这种垃圾邮件?

Is there a way to prevent this sort of.. spam?

Sub BT_Send(sender As Object, e As EventArgs) Handles BT_Send.Click
Try
    'Creating the Email Message
    Dim mailMessage As New MailMessage()
    mailMessage.To.Add("SomeOne@a.com")
    mailMessage.From = New MailAddress("Robot@a.com", "Robot")
    mailMessage.Subject = "Test"
    mailMessage.IsBodyHtml = True
    mailMessage.Body = LBL_Emailbody.Text & _
        "<br><br><br><div style=""font-size: 0.7em;"">Robot speaking, I will not answer if you send me a message.</div>"
    Dim smtpClient As New SmtpClient("Something.com")
    smtpClient.Send(mailMessage)


    PNL_Before.Visible = False
    PNL_After.Visible = True
Catch ex As Exception
    LBL_errorEmail.Visible = True
    'Should never happen...
End Try
End sub

推荐答案

这里是一个非常简单的示例，其中我在页面上使用静态变量并避免使用数据库.

Here is a very simple example, where I use a static variable on page and avoid database.

asp.net页面是

the asp.net page is

<asp:Literal runat="server" ID="txtInfos"></asp:Literal><br />
<asp:TextBox runat="server" ID="txtEmail"></asp:TextBox><br />
<asp:Button ID="Button1" runat="server" onclick="Button1_Click" Text="Button" />/>

及其背后的代码.

static Dictionary<string, DateTime> cLastSubmits = new Dictionary<string, DateTime>();

private static readonly object syncLock = new object();

protected void Button1_Click(object sender, EventArgs e)
{
    DateTime cWhenLast;

    lock (syncLock)
    {
        var cNowIs = DateTime.UtcNow;
        if (cLastSubmits.TryGetValue(txtEmail.Text, out cWhenLast))
        {
            if (cWhenLast > cNowIs )
            {
                txtInfos.Text = "Please contact us again after 10 seconds";
                return;
            }
            else
            {
                // ok I let him submit the form, but note the last date time.
                cLastSubmits.Remove(txtEmail.Text);
            }
        }

        foreach(var DelMe in cLastSubmits.Where(x => cNowIs > x.Value).ToList())
            cLastSubmits.Remove(DelMe.Key);

        // if reach here, note the last datetime of submit            
        cLastSubmits.Add(txtEmail.Text, cNowIs.AddSeconds(10));
    }

    // and submit the form.
    txtInfos.Text = "thank you for submit the form";
}

一些笔记.

• 如果您有许多游泳池(网络花园)，则可能会使用户无法使用同时提交给您拥有的泳池.

• 当然，如果用户提交虚假数据，这将无法保护您，这就是我们可以使用的原因:

• If you have many pools (web garden), then this may left user to submit at the same time up to the pool you have.

• Of course if a user submit fake data this can not protect you, and thats why we can use:

1. 蜜罐戏法.
2. 验证码
3. 其他控件那可以理解机器人.
4. 了解重新提交的代码.

这篇关于如何防止用户重新提交表单?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！