Re: Form Double Submit Detection

2003-10-28 Thread Tom Parker
On Tue, 2003-10-28 at 23:40, Adam Hardy wrote: > I don't store the token in the session. When the form submits, I check > the session for a hashmap, & if the token is not in the hashmap, I allow > the transaction and then put the token in the hashmap. Interesting. You store the successful token

RE: Form Double Submit Detection

2003-10-28 Thread Ralph Einfeldt
chultz [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 28, 2003 11:56 AM > To: Tomcat Users List > Subject: Re: Form Double Submit Detection > > > without ever giving it much thought. Does that mean that you > can never have exclusive

Re: Form Double Submit Detection

2003-10-28 Thread Christopher Schultz
Justin, Agreed. One word of caution... > We actually synchronized on the session... You aren't guaranteed to have the same HttpSession object for every request -- HttpSession is an interface which is implemented internally and wrapped by a facade. Synchronizing on the actual object you get fr

Re: Form Double Submit Detection

2003-10-28 Thread Adam Hardy
On 10/28/2003 10:42 AM Walker Chris wrote: Tom, You can also put JavaScript code in the form's onSubmit event code to disable all the elements in the form. To make sure this happens after submission (otherwise nothing gets submitted) use window.setTimeout() to run the disable script after a short

RE: Form Double Submit Detection

2003-10-28 Thread Walker Chris
-- From: Bill Lunnon [mailto:[EMAIL PROTECTED] Sent: 27 October 2003 23:26 To: Tomcat Users List Subject: RE: Form Double Submit Detection Tom, Don't know if this is complimentary to your workflow, try a javascript confirm (ie a client side pop-up, asking the user to click "Ok" to co

RE: Form Double Submit Detection

2003-10-27 Thread Tom Parker
On Tue, 2003-10-28 at 15:49, Justin Ruthenbeck wrote: > Here's the situation (correct me if I'm wrong): >+ User fills out a form and clicks submit >+ The browser submits the form and sits in a wait state >+ The server begins processing a request for a new record >+ The user clicks

Re: Form Double Submit Detection

2003-10-27 Thread Justin Ruthenbeck
Agreed. One word of caution... At 06:46 PM 10/27/2003, you wrote: I've had to do this before when credit card processing was being done. A double-click can result in the credit card being charged twice, so you've really got to avoid it. We actually synchronized on the session for the duration

RE: Form Double Submit Detection

2003-10-27 Thread Justin Ruthenbeck
At 06:02 PM 10/27/2003, you wrote: On Tue, 2003-10-28 at 14:18, Justin Ruthenbeck wrote: > At 04:20 PM 10/27/2003, you wrote: > >On Tue, 2003-10-28 at 12:51, Justin Ruthenbeck wrote: > > > > > Server side, instead of putting a token in the session when the page > > is > > > *served*, put a token i

Re: Form Double Submit Detection

2003-10-27 Thread Christopher Schultz
Tom, > Don't know if this is complimentary to your workflow, > try a javascript confirm (ie a client side pop-up, asking the user to click > "Ok" to continue). This will catch any double clicks on the client side. Unfortunatly I think our users would object to this solution. Server side, inst

RE: Form Double Submit Detection

2003-10-27 Thread Tom Parker
On Tue, 2003-10-28 at 14:18, Justin Ruthenbeck wrote: > At 04:20 PM 10/27/2003, you wrote: > >On Tue, 2003-10-28 at 12:51, Justin Ruthenbeck wrote: > > > > > Server side, instead of putting a token in the session when the page > > is > > > *served*, put a token in the session while the submission

RE: Form Double Submit Detection

2003-10-27 Thread Justin Ruthenbeck
At 04:20 PM 10/27/2003, you wrote: On Tue, 2003-10-28 at 12:51, Justin Ruthenbeck wrote: > Server side, instead of putting a token in the session when the page is > *served*, put a token in the session while the submission is being > processed (use it like a semaphore). The token has a finite li

RE: Form Double Submit Detection

2003-10-27 Thread Tom Parker
On Tue, 2003-10-28 at 12:51, Justin Ruthenbeck wrote: > Server side, instead of putting a token in the session when the page is > *served*, put a token in the session while the submission is being > processed (use it like a semaphore). The token has a finite lifecycle > (created on form submis

RE: Form Double Submit Detection

2003-10-27 Thread Justin Ruthenbeck
At 03:34 PM 10/27/2003, you wrote: On Tue, 2003-10-28 at 12:26, Bill Lunnon wrote: > Don't know if this is complimentary to your workflow, > try a javascript confirm (ie a client side pop-up, asking the user to click > "Ok" to continue). This will catch any double clicks on the client side. Unf

RE: Form Double Submit Detection

2003-10-27 Thread Tom Parker
On Tue, 2003-10-28 at 12:26, Bill Lunnon wrote: > Don't know if this is complimentary to your workflow, > try a javascript confirm (ie a client side pop-up, asking the user to click > "Ok" to continue). This will catch any double clicks on the client side. Unfortunatly I think our users would obj

RE: Form Double Submit Detection

2003-10-27 Thread Bill Lunnon
Tom, Don't know if this is complimentary to your workflow, try a javascript confirm (ie a client side pop-up, asking the user to click "Ok" to continue). This will catch any double clicks on the client side. Hope this helps Bill -Original Message- From: Tom Parker [mailto:[EMAIL PROTECTE