Preventing double form submissions
Question
Exact Duplicate: How to handle multiple submissions server-side
The general task at hand: preventing a double form submission in a multi-user web based application. Think financial transactions.
I have two methods which can be used in tandem:
- JavaScript disabling of button
- Disadvantage: does not work if JavaScript is disabled
- Back-end verfication - see how long ago the last request of this type came from this user and issue error if not too long ago
- Disadvantage: If the two submissions are close enough together, each may not be able to be aware of the other
I am looking for subject matter experts to contribute their best practices as well as esoteric tricks. Can be any language and framework, but Django is of specific interest. A lot has been written on the web about the task at hand, but it would be nice to have the best practices shown here.
Solution
The common solution is to generate a token on the server every time you generate a form. Store the token on the server, add it as a hidden field to the form, and delete it once you get a form submission with that token.
If you get a form submission without a valid token, it means that the form has already been submitted and ignore it.
This has the added advantage of adding XSRF protection to your project.
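One way to implement the token approach described in the answer, as an added example that is not part of the original question or answer. The point it demonstrates is that the "check for the token" and "delete the token" steps must be a single atomic operation, otherwise the race the question describes for back-end verification reappears. The in-memory FormTokenStore, handle_submission and the session id are hypothetical stand-ins; in Django you would back the store with a database row or cache entry and consume it with an atomic delete.

```python
import secrets
import threading
from concurrent.futures import ThreadPoolExecutor


class FormTokenStore:
    """Server-side store of one-time form tokens, keyed by session so a
    token issued to one user cannot be replayed from another session."""

    def __init__(self):
        self._lock = threading.Lock()
        self._tokens = set()  # {(session_id, token)}; constructed stand-in for a DB/cache

    def issue(self, session_id):
        """Called when the form is rendered; the value goes into a hidden field."""
        token = secrets.token_urlsafe(32)
        with self._lock:
            self._tokens.add((session_id, token))
        return token

    def consume(self, session_id, token):
        """Atomic check-and-delete: returns True exactly once per issued token."""
        with self._lock:
            try:
                self._tokens.remove((session_id, token))
                return True
            except KeyError:
                return False


STORE = FormTokenStore()
LEDGER = []  # constructed stand-in for the financial transactions table


def handle_submission(session_id, form):
    """Processes a POST only if its hidden token is valid and not yet used."""
    if not STORE.consume(session_id, form.get("form_token", "")):
        return "rejected: duplicate or invalid form token"
    LEDGER.append((session_id, form["amount"]))
    return "accepted"


def simulate_double_submit(n_clicks=5):
    """Fires n identical submissions of one rendered form concurrently;
    the atomic consume guarantees exactly one of them is accepted."""
    session = "sess-42"  # constructed sample session id
    form = {"form_token": STORE.issue(session), "amount": "100.00"}
    with ThreadPoolExecutor(max_workers=n_clicks) as pool:
        return list(pool.map(lambda _: handle_submission(session, form), range(n_clicks)))


if __name__ == "__main__":
    print(simulate_double_submit())
```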