All geek questions in one place

Token method on forms, double submitting a question

I spent weeks working on a dual representation of protection on my forms. Straightup, the token storage session method does not work.

Sessions work great for refreshing the page or for those who return to history ... but a classic double gift by pressing a button several times cannot be prevented with sessions.

I think the script cannot check / record / delete sessions fast enough to catch an error when multiple clicks are processed in milliseconds from each other.

Is there any other server side way to prevent this problem?

+1
source share
1 answer

It seems you need an independent token store capable of avoiding race conditions. To get this work, several solutions are available, one of which is easier to implement:

  • Store the token in a database with fields (tokencode, Claimid).
  • When receiving, set microtime() to microtime() , possibly even to a process identifier or hash, if it is very sure to be unique in similar processes running within one moment of each other.
  • Try to declare a token: UPDATE tokens SET claimid = <id> WHERE tokencode=tokencode AND claimid IS NULL
  • Read lines changed by the previous statement (or make a choice).
  • If the line has changed and / or has your microtime () 'd Claim: you are the winner, continue
  • If nothing has changed or the token has an incorrect statement, the action will not be performed.
+3
source

Source: https://habr.com/ru/post/947334/

More articles:


All Articles