[Catalyst] The old double-post issue

Wade.Stuart at fallon.com Wade.Stuart at fallon.com
Fri Sep 22 00:04:38 CEST 2006 





catalyst-bounces at lists.rawmode.org wrote on 09/21/2006 04:33:07 PM:

> On Thu, Sep 21, 2006 at 05:09:07PM -0400, Perrin Harkins wrote:
> > Sure, but something strange happened, so a different message is a
> > reasonable response.  We just provide a message for this about how the
> > transaction wasn't processed because another identical one just came
> > through in the last minute and it looks like a duplicate.  That seems
> > pretty easy to understand.
>
> The problem, which I can reproduce in FF by hitting escape between
> submits, is that the first request completes as normal (and would
> return a "Transaction Completed!" response page) but, then the
> second request (which is what the browser is now following) sees that
> the transaction is no longer valid and returns and error page.  But
> that doesn't tell the end-user that the transaction really happened.
>

But why are you returning an error page,  doesn't the fact that the token
no longer is valid mean that the form has already been submitted (return a
oops this form has already been submitted page)?  If it was submitted with
a validation err wouldn't t you have generated a new token along with the
form tagged with error codes to submit yet again?  I guess I don't see how
you would get into a state where a user submits a form and the token is
invalid unless the form had already been submitted.  I am looking at the
C::P::RT source to see if  there is some sort of race I am not thinking of.

> My code now detects that something doesn't quite make sense and gives
> a slightly smarter message.  But, it's not always easy to see a
> request and know that it's already happened vs. just is not in a
> state where that kind of request is allowed.

Does the plugin actually lose its state without a submission? (even if you
go to another section of website on the same session...)
>
> Mostly, I now say "Did you submit the form twice?" kind of thing.  It
> would help if I moved to a more atomic test/update on my form's unique
> token than C::P::RequestToken provides.
>

More information about the Catalyst mailing list