防止双重HTTP POST [英] Preventing double HTTP POST
问题描述
我制作了一个用于注册活动的小应用程序.用户输入他们的数据,然后单击登录我".
I have made a little app for signing up for an event. User input their data and click "sign me in".
现在,有时候人们在数据库中是双倍的,完全相同的数据彼此之间非常快速地被插入了两次.这只能表示某人单击了两次按钮,从而导致发生了两个帖子.
Now sometimes people are double in the database, the exact same data that got inserted 2 times very quickly after each other. This can only mean someone clicked the button twice, which caused two posts to happen.
这是常见的网络问题,因为信用卡应用程序和论坛应用程序经常说:单击一次就足够了!".
This is common web problem, as credit card apps and forum apps often say: "Clicking once is enough!".
我想您可以通过检查完全相同的数据以查看帖子是否唯一来解决该问题,但是我想知道是否还有其他方法.
I guess you could solve it by checking for the exact same data to see if the post is unique, but I wonder if there are other methods.
这当然不适用于ASP.NET Web窗体,因为POST无关紧要.
This ofcourse does not count for ASP.NET webforms, because POST doesn't matter as much.
推荐答案
虽然JavaScript解决方案可以在单击提交按钮后将其禁用,但这对禁用了JavaScript的人没有影响.在添加JavaScript之前,应始终使它们正常工作,否则,没有意义,因为用户仍然可以通过禁用JavaScript来绕过检查.
While JavaScript solutions can disable the submit button after it has been clicked, this will have no effect on those people who have JavaScript disabled. You should always make things work correctly without JavaScript before adding it in, otherwise there's no point as users will still be able to bypass the checks by just disabling JavaScript.
如果动态生成表单出现的页面,则可以添加一个隐藏的字段,其中包含某种序列号,哈希或唯一的内容.然后,您将进行一些服务器端验证,该验证将检查是否已发出具有该唯一值的请求.当用户提交表单时,将根据已使用"值列表检查该唯一值.如果列表中存在,则为重复请求,可以将其丢弃.如果不存在,则将其添加到列表中,然后照常进行处理.只要您确保该值是唯一的,就可以保证同一表格不能被提交两次.
If the page where the form appears is dynamically generated, you can add a hidden field which contains some sort of sequence number, a hash, or anything unique. Then you have some server-side validation that will check if a request with that unique value has already come in. When the user submits the form, the unique value is checked against a list of "used" values. If it exists in the list, it's a dupe request and can be discarded. If it doesn't exist, then add it to the list and process as normal. As long as you make sure the value is unique, this guarantees the same form cannot be submitted twice.
当然,如果表单所在的页面不是动态生成的,那么您将需要在服务器端以困难的方式进行操作,以检查是否尚未提交相同的信息.
Of course, if the page the form is on is not dynamically generated, then you'll need to do it the hard way on the server-side to check that the same information has not already been submitted.
这篇关于防止双重HTTP POST的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
