On Apr 17, 2015 12:44 PM, "Anthony" <abasta...@gmail.com> wrote:
>
>>>> Well, in my case, the delay was caused by sending email, so it is definitely not "milliseconds of each other". It takes some 2 or 3 seconds, maybe even longer. And during this period, it is not that another user would try to register with same username/email, it is somehow the same user request would (seemingly?) be resent (by the user's app or by my reverse proxy apache or by a wsgi middleware or whatever, which I don't know yet).
>>>
>>> Got it, but that sounds like a bug to be fixed. It shouldn't be possible to re-submit the standard registration form twice because the _formkey token prevents duplicate submissions. Are you using a different method for submitting registration data?
>>
>> It is because I am providing a RESTFUL api for the app to call. That is why I (have to?) bypass all the good things in the default form-based infrastructure such as double submit prevention. Sad but true.
>
> You could still implement your own functionality to prevent double submission, such as issuing a one-time use token that gets submitted with the registration.
>
Thanks Anthony for the very cool idea of trying to implement a (generic?) functionality to prevent double submission. I don't exactly know how to do that yet.

AFAIK, the web2py builtin double submission prevention is implemented in the Form() object. It generates a one-time token and stores it in the cookie session (which does not rely on DB) during form rendering, and then compares it against the cookie session during the form's self submission. A generic implementation works for every form. Neat.

It is a different story when building a RESTful API. There would be no rendering behavior before form submission, and normally I use stateless HTTP basic auth and then purposely turn off the session feature. Unless I force my API callers to do an HTTP POST first, to yet another dedicated "token" API, which will issue the token and also store it in some backend storage (such as a DB or central key-value service), blah blah. But this sounds not "lightweight" at all.

At least in my current specific case, a unique index in the DB is good enough and to the point. Although this solution is not generic.
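
The two approaches discussed in this thread, combined in one sketch (an added example, not part of the original messages and not web2py code): a dedicated token endpoint backed by a table, consumed atomically at registration, with the unique index as the backstop. It assumes `sqlite3` in place of the application's database; the table names, `TOKEN_TTL` and the function names are hypothetical.

```python
import secrets
import sqlite3
import time

TOKEN_TTL = 300  # seconds a token stays valid (assumed value)

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL)")
    # Backstop: the database itself refuses a second row for the same email.
    db.execute("CREATE UNIQUE INDEX users_email ON users (email)")
    db.execute("CREATE TABLE reg_tokens (token TEXT PRIMARY KEY, expires REAL NOT NULL)")
    return db

def issue_token(db, now=None):
    """Body of the dedicated 'token' endpoint: mint and store a one-time token."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO reg_tokens VALUES (?, ?)", (token, now + TOKEN_TTL))
    db.commit()
    return token

def register(db, token, email, now=None):
    """Body of the registration endpoint. Returns (http_status, message)."""
    now = time.time() if now is None else now
    # Consume the token with one DELETE: of two concurrent resubmissions,
    # only one can remove the row, so only one proceeds to the INSERT.
    cur = db.execute("DELETE FROM reg_tokens WHERE token = ? AND expires > ?",
                     (token, now))
    if cur.rowcount != 1:
        db.rollback()
        return 409, "token missing, expired or already used"
    try:
        db.execute("INSERT INTO users (email) VALUES (?)", (email.strip().lower(),))
    except sqlite3.IntegrityError:
        # Unique index fired. Rolling back also undoes the DELETE, so the
        # caller keeps the token and can retry with another email.
        db.rollback()
        return 409, "email already registered"
    db.commit()  # token consumption and user row commit together
    return 201, "created"

if __name__ == "__main__":
    db = open_db()
    t = issue_token(db)
    print(register(db, t, "alice@example.com"))  # constructed sample input
    print(register(db, t, "alice@example.com"))  # resent request is rejected
```

Slow work such as sending the confirmation email belongs after the commit, so a request resent during that delay finds the token already consumed.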