Posted: 5/5/2007 8:21:46 AM EDT
|
Staff, It seems we get a fair amount of doubt posts from people double tapping the submit button and sometimes other unexplainable causes. Many sites have to deal with this problem be it credit card processing or other forums such as this one. It seems like a simple problem to fix and indeed I have designed interactive sites where I have had to account for possible resubmission by the user. The wasy I typically have done this is by using a hidden input on the page containing a number that the server knows is good for a specific amount of time (so it can be recycled after the expired time). You can attach it to a specific IP, or user ID or however you want to do it. If you attach it to the user id each user has their own set of submission ids and the users don't have to share a number pool. Once the form is submitted that number is no good to submit another post until it is expired and reused for another post sometime in the distance future. When a submission number is reused before it expires it is detected as a doubletap and you can refresh the submission page (like you do if you post too fast) with a message saying to check to see if their post was already submitted. Don't forget to include their original test in the message box (along with a new hidden submission number) so they don't have to type it again if it was not a double post by some weird coincidence. This is totally transparent to the user and doesn't add much code to watch for. Simplification: 1. user hits reply/new thread button to post message 2a. server generates a submission id attached to that user id and serves up post reply page 3. user types in message and hits post/preview/whatever 4. server gets post. expires submission id since its now used. 5. if server gets another post with that submission id it takes back to submission screen with error to check to see if post has already been submitted. a NEW submission id is generated and included just in case it was not a resubmission by some weird happenstance 2b. server expires submission id after x amount of time because a post was never submitted. this can be set to days, weeks, years, never if you like (only limited by the length of the submission id number length and the number of posts a user will make over a lifetime. a 16 bit number should be good for a year as long as nobody makes 64k posts in that time!). 6. expired submission ids can be marked as expired or purged to invalidate id. So theres my idea for eliminating double posts. it's simpler than it sounds. The logic just needs to be layed out. You're other option is javascript to disable the submit button once it is pressed. However, this does not nessesarily mean a hostile user could not modify the page to disable that code and flood post. Furthermore, it may not prevent some of the unknown causes of double posting. -Foxxz |