您如何防止用户在网站上多次发布数据 [英] How do you prevent a user from posting data multiple times on a website
问题描述
我正在开发一个 Web 应用程序 (J2EE),我想知道可用于处理来自浏览器的双重发布的选项.
I am working on a web application (J2EE) and I would like to know the options that are available for handling a double post from the browser.
我过去看到和使用的解决方案都是客户端:
The solutions that I have seen and used in the past are all client-side:
- 在用户点击提交按钮后立即禁用它.
- 遵循 POST-Redirect-GET 模式以防止在用户单击后退按钮时进行 POST.
- 处理表单的 onSubmit 事件并使用 JavaScript 跟踪提交状态.
如果可能,我更愿意实施服务器端解决方案.有没有比我上面提到的更好的方法,或者客户端解决方案是最好的?
I would prefer to implement a server side solution if possible. Are there any better approaches than the ones I have mentioned above, or are client-side solutions best?
推荐答案
很难实施防白痴的解决方案(因为他们总是在改进白痴).无论您做什么,客户端都可能被操纵或错误执行.
Its hard to implement an idiot-proof solution (as they are alway improving the idiots). No matter what you do, the client side can be manipulated or perform incorrectly.
您的解决方案必须是可靠和安全的服务器端. 也就是说,一种方法是检查请求并检查系统/数据库状态或日志以确定它是否已被处理.理想情况下,如果可能,服务器端的进程应该是幂等的,如果不能,它必须防止重复提交.
Your solution has got to be server side to be reliable and secure. That said, one approach is to review the request and check system/database state or logs to determine if it was already processed. Ideally, the process on the server side should be idempotent if possible, and it will have to protect against dupe submits if it can't be.
这篇关于您如何防止用户在网站上多次发布数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
