Re: Stopping second form post if refresh is hit?
On Jul 5, 10:13 am, Tim Chase <[EMAIL PROTECTED]> wrote: > ... > To prevent this, you need to uniquely identify the page from > which it was submitted (a hash of the IP address, timestamp the > form was generated, user info, whatever) ... You might want to consider a uuid: import uuid uuid.uuid4() That should give you less false positives in identifying duplicate form submissions. Doug Van Horn --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: Stopping second form post if refresh is hit?
I'll have to check with my QA person to see exactly what they are doing. Perhaps they didn't tell me everything and they are hitting the back button... then going forward again... I've only gotten this to happen once, and had a bug on that page where I was saving twice..heh :) On Jul 5, 11:13 am, Tim Chase <[EMAIL PROTECTED]> wrote: > > I am using HttpResponseRedirect... it still seems to allow a > > duplicate post though if refresh is hit on the page it's been > > redirected to. > > Is this happening when a user clicks the Submit button twice > before the redirect comes in (thus Django processes two requests > from the same originating page, rather than from the response-page)? > > You can minimize double-submits via a little JavaScript code, > disabling the submit button in the onclick before submitting. > However, this doesn't 100% solve the problem, particularly if JS > is disabled (whether by browser limitation, or by user choice, > such as the wonderful NoScript plugin for FireFox which I use > regularly) > > To prevent this, you need to uniquely identify the page from > which it was submitted (a hash of the IP address, timestamp the > form was generated, user info, whatever) and then only allow that > identifier to be processed once. You'd have to keep a model of > "recent posts". If the hash is in there, the request you're > currently trying to process has already been processed. It would > be good to have this table auto-purged after some reasonable amt > of time, such as a couple days or a week. Huzzah for cron-jobs :) > > If you wanted to get fancy and your app had need of it, you could > hash the submitted data from the form (including the initial > unique identifier). This would allow the user to click their > Back button, return to the form, make changes and submit it a 2nd > time. This can be useful in a data-entry scenario where you want > to ensure that the 2nd submission actually has new data, not the > same data from accidentally double-clicking the submit button. > It's nice to have the usage pattern of "fill out the form; submit > the form; click the back button; change something; submit the > form; click the back button; " > > Just a few ideas, > > -tim --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: Stopping second form post if refresh is hit?
> I am using HttpResponseRedirect... it still seems to allow a > duplicate post though if refresh is hit on the page it's been > redirected to. Is this happening when a user clicks the Submit button twice before the redirect comes in (thus Django processes two requests from the same originating page, rather than from the response-page)? You can minimize double-submits via a little JavaScript code, disabling the submit button in the onclick before submitting. However, this doesn't 100% solve the problem, particularly if JS is disabled (whether by browser limitation, or by user choice, such as the wonderful NoScript plugin for FireFox which I use regularly) To prevent this, you need to uniquely identify the page from which it was submitted (a hash of the IP address, timestamp the form was generated, user info, whatever) and then only allow that identifier to be processed once. You'd have to keep a model of "recent posts". If the hash is in there, the request you're currently trying to process has already been processed. It would be good to have this table auto-purged after some reasonable amt of time, such as a couple days or a week. Huzzah for cron-jobs :) If you wanted to get fancy and your app had need of it, you could hash the submitted data from the form (including the initial unique identifier). This would allow the user to click their Back button, return to the form, make changes and submit it a 2nd time. This can be useful in a data-entry scenario where you want to ensure that the 2nd submission actually has new data, not the same data from accidentally double-clicking the submit button. It's nice to have the usage pattern of "fill out the form; submit the form; click the back button; change something; submit the form; click the back button; " Just a few ideas, -tim --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: Stopping second form post if refresh is hit?
I am using HttpResponseRedirect... it still seems to allow a duplicate post though if refresh is hit on the page it's been redirected to. On Jul 5, 10:34 am, "Jeremy Dunck" <[EMAIL PROTECTED]> wrote: > On 7/5/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > In the cases where an existing record is being edited, this doesn't > > really matter, but when a user adds a new record, and I redirect him > > to the page to view all of the objects in that table, if he then hits > > refresh, it adds the record again due to a second form post. > > After successfully handling a POST, best practice is to redirect. > This forces the browser to do a GET, and hitting refresh won't do > another post. > > I think you can redirect to the same URL, if that view handles GET and > POST differently. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: Stopping second form post if refresh is hit?
On 7/5/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > In the cases where an existing record is being edited, this doesn't > really matter, but when a user adds a new record, and I redirect him > to the page to view all of the objects in that table, if he then hits > refresh, it adds the record again due to a second form post. After successfully handling a POST, best practice is to redirect. This forces the browser to do a GET, and hitting refresh won't do another post. I think you can redirect to the same URL, if that view handles GET and POST differently. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: Stopping second form post if refresh is hit?
Use HttpResponseRedirect from django.http [EMAIL PROTECTED] пишет: > On most of my form posts, I redirect to another page once I save > whatever data has been posted on the form. ( I am not using new > forms, and in some cases I'm even using old fashioned hand rolled > forms to post from a view. ) > > In the cases where an existing record is being edited, this doesn't > really matter, but when a user adds a new record, and I redirect him > to the page to view all of the objects in that table, if he then hits > refresh, it adds the record again due to a second form post. > > Is there a way to stop this? I figure there must be, but perhaps I > wasn't searching with the correct key words. > > Thanks for any info. > -- Artiom Diomin, Development Dep, "Comunicatii Libere" S.R.L. http://www.asterisksupport.ru http://www.asterisk-support.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Stopping second form post if refresh is hit?
On most of my form posts, I redirect to another page once I save whatever data has been posted on the form. ( I am not using new forms, and in some cases I'm even using old fashioned hand rolled forms to post from a view. ) In the cases where an existing record is being edited, this doesn't really matter, but when a user adds a new record, and I redirect him to the page to view all of the objects in that table, if he then hits refresh, it adds the record again due to a second form post. Is there a way to stop this? I figure there must be, but perhaps I wasn't searching with the correct key words. Thanks for any info. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
