I am trying to find a way to prevent users from double-submitting my forms. I have javascript that disables the submit button, but there is still an occasional user who finds a way to double-submit.
I have a vision of a re-usable library that I could create to protect from this.
In my ideal library, the code block would look something like this:
try:
with acquire_lock({'field1':'abc', 'field2':'def'}) as lock:
response = #do some credit card processing
lock.response = response
except SubmissionWasDuplicate, e:
response = e.response
The lock table would look something like this:
duplicate_submission_locks
- submission_hash # a MD5 of the submitted arguments
- response # pickled data
- created_at # used for sweeping this table
- lock_expired # boolean signifying if the lock has expired
Does anyone know if this already exists? It doesn’t seem to difficult to write, so if it doesn’t exist I may write it myself.
One easy solution to this problem is to add a unique hash to each form. Then you can have a rolling table of current forms. When a form is submitted, or the hash gets too old, you can expire it out of your table, and reject any form which does not have a matching hash in your table.
The HTTPRedirect is the correct way to do it, as previously mentioned.
Unfortunately, even Django’s own built in admin is prone to problems related to this issue. In some cases, the cross-site scripting framework can assist to prevent some of this, but I’m afraid the current production versions just don’t have this built in.