[Catalyst] The old double-post issue
Bill Moseley
moseley at hank.org
Fri Sep 22 20:19:52 CEST 2006

On Fri, Sep 22, 2006 at 10:45:51AM -0500, Wade.Stuart at fallon.com wrote:
> > The token is stored in the session. So all that happens is upon
> > submission a check is made that the token exists in the form and it
> > matches the current one stored in the session. If so, it is deleted.
> > When a new form is created a new token is created. Someone can't
> > really have two windows open at the same time.
>
> This seems like a bug to me; the token list should be just that, not a
> one-off placeholder. You should be able to have N tabs open on different
> forms on the same app/session without each form clobbering the previous
> one's token. Tokens are cheap and specific enough that they should be kept
> until used.

What about multiple forms on the same page? Should there be one
token per form or one token per request?

> > Geeze, if people double click on submit buttons and can get past the
> > javascript then they get what they deserve. ;)
>
> That viewpoint is hard to sell to me. If people double click and I am not
> smart enough to catch it I get what they deserve. =)

Well, actually, they don't get what they deserve -- which is the
output from the first request. ;)

--
Bill Moseley
moseley at hank.org
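
The token-list design debated in this thread, as an added example that is not part of the original message and not Catalyst's or any plugin's own code: one token per rendered form, all outstanding tokens kept in the session until used. The helper names, the `form_tokens` session key, the cap of 20 and the use of /dev/urandom are assumptions; a plain hash stands in for the session.

```perl
use strict;
use warnings;

my $MAX_TOKENS = 20;    # assumed cap so abandoned forms cannot grow the session

# 16 bytes from the OS random source, hex-encoded (assumes /dev/urandom exists).
sub new_token_value {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 16) == 16 or die "short read from urandom";
    close $fh;
    return unpack 'H*', $buf;
}

# Issue one token per rendered form and remember which form it belongs to.
sub issue_token {
    my ($session, $form_name) = @_;
    my $tokens = $session->{form_tokens} ||= {};
    my $token  = new_token_value();
    $tokens->{$token} = { form => $form_name, seq => ++$session->{token_seq} };
    # Evict the oldest outstanding tokens once the cap is exceeded.
    my @by_age = sort { $tokens->{$a}{seq} <=> $tokens->{$b}{seq} } keys %$tokens;
    delete $tokens->{ shift(@by_age) } while @by_age > $MAX_TOKENS;
    return $token;
}

# Accept a submission only if its token is outstanding for that form; delete it
# on first use so a double click or a replayed POST is rejected.
sub consume_token {
    my ($session, $form_name, $token) = @_;
    my $tokens = $session->{form_tokens} || {};
    return 0 unless defined $token && exists $tokens->{$token};
    return 0 unless $tokens->{$token}{form} eq $form_name;
    delete $tokens->{$token};
    return 1;
}

# Constructed scenario: two tabs on the same form, plus a second form on one page.
my %session;
my $tab1 = issue_token(\%session, 'order');
my $tab2 = issue_token(\%session, 'order');      # second tab, same form
my $prof = issue_token(\%session, 'profile');    # second form on the same page
print "tab1 first submit:   ", consume_token(\%session, 'order',   $tab1), "\n";
print "tab1 double click:   ", consume_token(\%session, 'order',   $tab1), "\n";
print "tab2 still valid:    ", consume_token(\%session, 'order',   $tab2), "\n";
print "profile on order:    ", consume_token(\%session, 'order',   $prof), "\n";
print "profile on its form: ", consume_token(\%session, 'profile', $prof), "\n";
```

With a session store shared between concurrent requests, the lookup and delete in `consume_token` must happen atomically, otherwise two near-simultaneous submits can both pass the check.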