手機網站提交頁面,網路好的時候正常,網路慢的時候手機頁面會一直在載入狀態,但是Fiddler抓取卻有兩次相同內容的提交,如何避免這種情況發生?
回覆內容:
手機網站提交頁面,網路好的時候正常,網路慢的時候手機頁面會一直在載入狀態,但是Fiddler抓取卻有兩次相同內容的提交,如何避免這種情況發生?
我的做法是在服務端產生一個token,提交的時候驗證token,這是第一道驗證,第二道驗證為在表單提交時
將提交按鈕設為disabled,一般做個第二種驗證就可以了
<code>// 提交表单数据到后台处理
$.ajax({
type: "post",
data: studentInfo,
contentType: "application/json",
url: "/Home/Submit",
beforeSend: function () {
// 禁用按钮防止重复提交
$("#submit").attr({ disabled: "disabled" });
},
success: function (data) {
if (data == "Success") {
//清空输入框
clearBox();
}
},
complete: function () {
$("#submit").removeAttr("disabled");
},
error: function (data) {
console.info("error: " + data.responseText);
}
});</code>登入後複製
Csrf 驗證類別
<code><?php
// +----------------------------------------------------------------------
// | CSRF安全验证类 @pushaowei
// +----------------------------------------------------------------------
// | [Usage]
// | // 后端
// | use library\Base\NoCSRF;
// | session_start();
// | if ($this->getRequest()->isPost()) {
// |
// | try {
// | ##验证TOKEN
// | NoCSRF::check( 'csrf_token', $_POST, true, 60*10, false ); //60*10为10分钟(null为不验证时间)
// | $result = 'CSRF check passed. Form parsed.';
// | //$this->getRequest()->getPost('field');
// | echo $result;
// | } catch ( Exception $e ) {
// | echo $e->getMessage() . ' Form ignored.';
// | }
// | } else {
// | #生成TOKEN
// | $token = NoCSRF::generate( 'csrf_token' );
// | $this->getView()->assign('token', $token);
// | $this->getView()->display('页面');
// | }
// | // 前端
// | <input type="hidden" name="csrf_token" value="{$token}">
// +----------------------------------------------------------------------
class NoCSRF
{
protected static $doOriginCheck = false;
/**
* Check CSRF tokens match between session and $origin.
* Make sure you generated a token in the form before checking it.
*
* @param String $key The session and $origin key where to find the token.
* @param Mixed $origin The object/associative array to retreive the token data from (usually $_POST).
* @param Boolean $throwException (Facultative) TRUE to throw exception on check fail, FALSE or default to return false.
* @param Integer $timespan (Facultative) Makes the token expire after $timespan seconds. (null = never)
* @param Boolean $multiple (Facultative) Makes the token reusable and not one-time. (Useful for ajax-heavy requests).
*
* @return Boolean Returns FALSE if a CSRF attack is detected, TRUE otherwise.
*/
public static function check( $key, $origin, $throwException=false, $timespan=null, $multiple=false )
{
$session = Session::getInstance();
if ( !$session->has( 'csrf_' . $key ) )
if($throwException)
throw new \Exception( 'Missing CSRF session token.' );
else
return false;
if ( !isset( $origin[ $key ] ) )
if($throwException)
throw new \Exception( 'Missing CSRF form token.' );
else
return false;
// Get valid token from session
$hash = $session->get('csrf_' . $key);
// Free up session token for one-time CSRF token usage.
if(!$multiple)
$session->forget('csrf_' . $key);
// Origin checks
if( self::$doOriginCheck && sha1( $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] ) != substr( base64_decode( $hash ), 10, 40 ) )
{
if($throwException)
throw new \Exception( 'Form origin does not match token origin.' );
else
return false;
}
// Check if session token matches form token
if ( $origin[ $key ] != $hash )
if($throwException)
throw new \Exception( 'Invalid CSRF token.' );
else
return false;
// Check for token expiration
if ( $timespan != null && is_int( $timespan ) && intval( substr( base64_decode( $hash ), 0, 10 ) ) + $timespan < time() )
if($throwException)
throw new \Exception( 'CSRF token has expired.' );
else
return false;
return true;
}
/**
* Adds extra useragent and remote_addr checks to CSRF protections.
*/
public static function enableOriginCheck()
{
self::$doOriginCheck = true;
}
/**
* CSRF token generation method. After generating the token, put it inside a hidden form field named $key.
*
* @param String $key The session key where the token will be stored. (Will also be the name of the hidden field name)
* @return String The generated, base64 encoded token.
*/
public static function generate( $key )
{
$session = Session::getInstance();
$extra = self::$doOriginCheck ? sha1( $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] ) : '';
// token generation (basically base64_encode any random complex string, time() is used for token expiration)
$token = base64_encode( time() . $extra . self::randomString( 32 ) );
// store the one-time token in session
$session->put('csrf_' . $key, $token);
return $token;
}
/**
* Generates a random string of given $length.
*
* @param Integer $length The string length.
* @return String The randomly generated string.
*/
protected static function randomString( $length )
{
$seed = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijqlmnopqrtsuvwxyz0123456789';
$max = strlen( $seed ) - 1;
$string = '';
for ( $i = 0; $i < $length; ++$i )
$string .= $seed{intval( mt_rand( 0.0, $max ) )};
return $string;
}
}
?></code>登入後複製
肯定是點擊一次,提交一次,不可能因為網路慢就出現你點一次提交兩次的情況——事件的觸發,怎麼可能像無根之水一樣的?如果真有這種情況,那一定就是你程式碼的問題了
額,沒必要那麼複雜吧。
你看下兩個請求header,是不是第一個請求down掉了,排除下是不是兩次點擊導致的(如果是點擊導致的,點擊之後禁用dom元素的點擊事件),或者是代碼部分原因導致的。
順帶發下你請求的程式碼和Fiddler捕獲的資料。
提交兩次的原因大致有兩種:
一,點擊事件觸發兩次(這種情況不分網速快慢)
這種多是由於一些js插件造成的,需要google一下來處理,比較常見的是iscroll.js會造成事件執行兩次,網上有很多方案.
二,是網速忙,用戶等不及,多次點擊
一定要在將要ajax前把按鈕disabled掉,如果ajax前把按鈕disabled掉,如果表單是可以多次提交的,在
ajax🎜後,再把🎜disabled🎜去掉。 🎜
