[Medusa-dev] Quixote Submit button and browser Back button

Harald Armin Massa haraldarminmassa at gmail.com
Mon Jul 18 15:07:20 CEST 2005 

Eduardo,

isn't this THE usual problem with Web-Apps? :)

You want to be sure that ONE PARTICULAR FORM only gets submitted once.

So, make this form unique:

add a HIDDEN input with a UNIQUE GUID (windows has a GUID in his API, there 
are MILLIONS of receipts out there, a MD5 of the current time.time() is 
quite fair)

when logging Info to database, store this guid. If a form with the same guid 
is submitted, reject that information

Add timeouts as appropriate (for example, each GUID is only valid for 0,5 
hours)

Harald


2005/7/15, Eduardo Biano <edbiano at rocketmail.com>:
> 
> Hi,
> 
> I am a Medusa and Quixote newbie, hacked the Quixote
> demo and created a small app. The app authenticates
> users, displays a form which users can fill and
> submit using a Submit button. It updates a database
> and then displays the home page.
> 
> My problem is, when the home page is displayed and i
> hit the browser Back button the same form is displayed
> with all the information of the previous entry. And
> when i hit the Submit button it again updates the
> database.
> 
> I would like to have the form page expired or any
> other solution you can suggest so that users cannot
> submit the form again without being authenticated. I
> read about _q_access and session but i cannot figure
> out how to do it. I think the browser Back button
> issue is different from the normal program flow.
> 
> Please give some hints and thank you in advance.
> 
> Cheers!
> Ed
> 
> 
> 
> ____________________________________________________
> Start your day with Yahoo! - make it your home page
> http://www.yahoo.com/r/hs
> 
> _______________________________________________
> Medusa-dev mailing list
> Medusa-dev at python.org
> http://mail.python.org/mailman/listinfo/medusa-dev
> 



-- 
GHUM Harald Massa
persuasion python postgresql
Harald Armin Massa
Reinsburgstraße 202b
70197 Stuttgart
0173/9409607
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/medusa-dev/attachments/20050718/e47f08b5/attachment.htm

More information about the Medusa-dev mailing list