On Friday, April 17, 2015 at 6:35:09 AM UTC-7, Anthony wrote: > > 2. Even without above snippet, in our context I would say a rare >>>> 500-response-but-it-would-be-gone-if-you-simply-retry is (arguably?) still >>>> better than, silently creating duplicated user accounts which clearly >>>> violates the universal expectation of such a fundamental db scheme >>>> assumption. >>>> >>> >>> This doesn't seem to be a likely problem -- two different users would >>> have to be trying to register with the same username/email within >>> milliseconds of each other. On the other hand, I suppose this would make >>> the 500 response in such a case equally rare (assuming we set unique=True >>> in the table definition). >>> >>> Well, in my case, the delay was caused by sending email, so it is >> definitely not "milliseconds of each other". It takes some 2 or 3 seconds, >> maybe even longer. And during this period, it is not that another user >> would try to register with same username/email, it is somehow the same user >> request would (seemingly?) be resent (by the user's app or by my reverse >> proxy apache or by a wsgi middleware or whatever, which I don't know yet). >> > > Got it, but that sounds like a bug to be fixed. It shouldn't be possible > to re-submit the standard registration form twice because the _formkey > token prevents duplicate submissions. Are you using a different method for > submitting registration data? >
It is because I am providing a RESTFUL api for the app to call. That is why I (have to?) bypass all the good things in the default form-based infrastructure such as double submit prevention. Sad but true. > > >> Although I agree with your earlier suggestion to re-engineer the email >> sending part to a separated queue, which is a good idea indeed, but as a >> more general topic, I still think it would be good to have web2py to define >> unique=True for username and/or email in auth_user table by default. >> Personally I am willing to trade a rare (0.01%?) chance of a user-scary 500 >> error ticket for the 100% guarantee of no duplication in auth_user table. >> Don't you think so? >> > > Sounds reasonable. Maybe submit an issue and/or bring it up on the > developers list. > > OK. See https://github.com/web2py/web2py/issues/921 By the way, thank you Anthony for your follow-up info in another post about the manually setup unique=True workaround. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.