How to predotvratit requests from the same user?

Question

How to predotvratit requests from the same user?

The essence of the issue: user can create article, and, after filling required fields for a form using AJAX is sent to server, but the problem is that this form can be submitted multiple times in a row and can get many of the same records. How to deal with it?

success: function (data) {
 data = JSON.parse(data);
if (data['status'] == 'success') {
 window.location.href = data['href'];
}

Elementary editing the JavaScript redirect you can re-submit the form.

esmeralda_Nolan asked July 8th 19 at 12:21

Related questions

More answers about "How to predotvratit requests from the same user?"

3 answers

antonetta.Collins answered on · Answer 1 · 2019-07-08T12:23:49.157Z

antonetta.Collins answered on July 8th 19 at 12:23

Sending appears when you press the button?
If Yes, set the flag and remove it when the response from the server.

and about the redirect does not really understand

So the flag can be removed the same way. Disabled put, but it can be removed - esmeralda_Nolan commented on July 8th 19 at 12:26

: flag in the code and not in css.
and test when clicking if the variable is still true, just do nothing. Otherwise send Ajax.

If I understand you correctly, because without seeing the code - I can not understand.

Otherwise. check the article on dubbing - this is the backend - not my path ) - antonetta.Collins commented on July 8th 19 at 12:29

herminio_Gerlach answered on · Answer 2 · 2019-07-08T12:25:49.157Z

Usually, if the form is submitted by pressing a button, this button need immediately after you transfer in a disabled state (in the onClick handler). Then press the button several times in a row simply will not work.

But, as I understand, you are afraid that the user will edit the JS in the browser and send the data again with the modified JS. If so, then I must say that any POST request can thus be duplicated - you do not even have to edit the JS, you can use utilities such as curl or wget or some browser extensions. I would recommend not to worry about it.

But if you want to protect yourself from this generating at the server a special one-time key to generate a page with a form and include it in the form as hidden fields. (When using the PHP framework Laravel you can use the function str_random()) Save this key in session data, and then, when receiving form data, check: if you come with the form data key exists in session data then continue processing and then the delete key; if it came with a form key in the session data is missing, then return a 403 error Bad request.

ned.Altenwerth answered on · Answer 3 · 2019-07-08T12:27:49.157Z

ned.Altenwerth answered on July 8th 19 at 12:27

Here's a guaranteed solution free from curl and wget other.

Make a hash from the form/user/timestamp (this timestamp can be of the form YYYY-MM-DD (i.e. the form can be resubmitted through the night)
Store the hash in the bloom filter(so as not to occupy much space)
Profit