[Catalyst] The old double-post issue

Wade.Stuart at fallon.com Wade.Stuart at fallon.com
Fri Sep 22 00:04:38 CEST 2006

catalyst-bounces at lists.rawmode.org wrote on 09/21/2006 04:33:07 PM:

> On Thu, Sep 21, 2006 at 05:09:07PM -0400, Perrin Harkins wrote:
> > Sure, but something strange happened, so a different message is a
> > reasonable response.  We just provide a message for this about how the
> > transaction wasn't processed because another identical one just came
> > through in the last minute and it looks like a duplicate.  That seems
> > pretty easy to understand.
> The problem, which I can reproduce in FF by hitting escape between
> submits, is that the first request completes as normal (and would
> return a "Transaction Completed!" response page) but, then the
> second request (which is what the browser is now following) sees that
> the transaction is no longer valid and returns and error page.  But
> that doesn't tell the end-user that the transaction really happened.

But why are you returning an error page,  doesn't the fact that the token
no longer is valid mean that the form has already been submitted (return a
oops this form has already been submitted page)?  If it was submitted with
a validation err wouldn't t you have generated a new token along with the
form tagged with error codes to submit yet again?  I guess I don't see how
you would get into a state where a user submits a form and the token is
invalid unless the form had already been submitted.  I am looking at the
C::P::RT source to see if  there is some sort of race I am not thinking of.

> My code now detects that something doesn't quite make sense and gives
> a slightly smarter message.  But, it's not always easy to see a
> request and know that it's already happened vs. just is not in a
> state where that kind of request is allowed.

Does the plugin actually lose its state without a submission? (even if you
go to another section of website on the same session...)
> Mostly, I now say "Did you submit the form twice?" kind of thing.  It
> would help if I moved to a more atomic test/update on my form's unique
> token than C::P::RequestToken provides.

More information about the Catalyst mailing list