[Catalyst] The old double-post issue

Bill Moseley moseley at hank.org
Fri Sep 22 20:19:52 CEST 2006

On Fri, Sep 22, 2006 at 10:45:51AM -0500, Wade.Stuart at fallon.com wrote:
> > The token is stored in the session.  So all that happens is upon
> > submission a check is made that the token exists in the form and it
> > matches the current one stored in the session.  If so, it is deleted.
> > When a new form is created a new token is created.  Someone can't
> > really have two windows open at the same time.
> This seems like a bug to me,  the token list should be just that.   not a
> one off placeholder.  You should be able to have N tabs open on different
> forms on the same app/session without each form clobbering the previous
> ones token.  Tokens are cheap and specific enough that they should be kept
> until used.

What about multiple forms on the same page?  Should there be one
token per form or one token per request?

> > Geeze, if people double click on submit buttons and can get past the
> > javascript then they get what they deserve. ;)
> That viewpoint is hard to sell to me.  If people double click and I am not
> smart enough to catch it I get what they deserve. =)

Well, actually, they don't get what they deserve -- which is the
output from the first request. ;)

Bill Moseley
moseley at hank.org

More information about the Catalyst mailing list