Repeated form submission is the most common problem in multi-user web applications and causes a lot of trouble. There are many application scenarios that will encounter repeated submission problems, such as:
Click the submit button twice.
Click the refresh button.
Use the browser back button to repeat the previous operation, resulting in repeated submission of the form.
Resubmit forms using browser history.
Duplicate HTTP requests from the browser.
Several ways to prevent repeated submission of forms
Disable the submit button. Use Javascript to disable the submit button after the form is submitted. This approach prevents impatient users from clicking the button multiple times. But there is a problem. If the client disables Javascript, this method will be invalid.
My previous article said that using some Jquery plug-ins works well.
Post/Redirect/Get mode. Performing page redirection after submission is the so-called Post-Redirect-Get (PRG) pattern. In short, when the user submits the form, you perform a client-side redirection and go to the submission success information page.
This can avoid repeated submissions caused by the user pressing F5, and there will be no warning about repeated submissions of the browser form. It can also eliminate the same problems caused by pressing forward and backward in the browser.
Store a special flag in the session. When the form page is requested, a special character string is generated, stored in the session, and placed in the hidden field of the form. When accepting and processing form data, check whether the identification string exists, immediately delete it from the session, and then process the data normally.
If it is found that there is no valid flag string in the form submission, it means that the form has already been submitted, and this submission is ignored.
This gives your web application more advanced XSRF protection.
Add constraints in the database. Add unique constraints or create unique indexes in the database to prevent duplicate data. This is the most effective way to prevent duplicate submission of data.