如何防止用户在网站上多次发布数据 [英] How do you prevent a user from posting data multiple times on a website
问题描述
我正在开发一个Web应用程序(J2EE),我想知道可以从浏览器处理双重帖子的选项。
I am working on a web application (J2EE) and I would like to know the options that are available for handling a double post from the browser.
解决方案我在过去看过和使用过的都是客户端:
The solutions that I have seen and used in the past are all client-side:
- 用户点击后立即禁用提交按钮。
- 按照POST-Redirect-GET模式阻止用户单击后退按钮时的POST。
- 处理表单的onSubmit事件并跟踪使用JavaScript提交状态。
如果可能,我更愿意实施服务器端解决方案。有没有比我上面提到的方法更好的方法,或者最好是客户端解决方案?
I would prefer to implement a server side solution if possible. Are there any better approaches than the ones I have mentioned above, or are client-side solutions best?
推荐答案
很难实现一个愚蠢的解决方案(因为他们总是改善白痴)。 无论您做什么,客户端都可能被操纵或执行不正确。
Its hard to implement an idiot-proof solution (as they are alway improving the idiots). No matter what you do, the client side can be manipulated or perform incorrectly.
您的解决方案必须是服务器端才能可靠和安全。这就是说,一种方法是检查请求并检查系统/数据库状态或日志以确定它是否已经处理。理想情况下,服务器端的进程在可能的情况下应该是幂等的,如果不能,则必须防止欺骗提交。
Your solution has got to be server side to be reliable and secure. That said, one approach is to review the request and check system/database state or logs to determine if it was already processed. Ideally, the process on the server side should be idempotent if possible, and it will have to protect against dupe submits if it can't be.
这篇关于如何防止用户在网站上多次发布数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!