adrianmak Posted May 18, 2017 Posted May 18, 2017 On 10/1/2015 at 1:35 PM, Juergen said: Thanks LostKobrakai, now I solved it with a session id in an hidden input field that will be compared with the post value of the hidden field after submission. If session value and post value are same then send the form data and remove the session id. If someone hits the F5 button after submission, the valid session id is no more longer available (because it was removed after submission) and so the values dont match any longer. As a result a hint for "double submission" appear on the screen instead of submitting the form. The reason why I missunderstood the CSRF was a post by Soma in another topic where he uses CSRF to prevent double submissions. https://processwire.com/talk/topic/3633-prevent-form-resubmission/?p=35567 Best regards Do you mind post the code for preventing "double submission"? Is it save to show a session id in the form even it is a hidden field ?
szabesz Posted May 19, 2017 Posted May 19, 2017 6 hours ago, adrianmak said: Do you mind post the code for preventing "double submission"? Something like this? 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now