Menu
▾
▴
Re: [Phrame-devel] Protect from multiple POSTs
|
From: Alex <ale...@ya...> - 2004-04-07 08:30:21
|
Hiya Guys, I agree with Jason here. Generate a sequence number and post it to both the $session / $_SESSION and to the form. If you get a form posting with another session number, you know something is wrong. You could indeed make it a bit more flexible by implementing a forms-in-progress-array where you store and retrieve the sequence-numbers (now the form-ID numbers) of forms sent to, but not submitted by, the user. Now, it doesn't matter here if you post forms with POST or GET method. But normal http-requests... ONJava has just posted something about that, haven't read it yet though. It uses filters (from reading the headline) but we haven't actually implemented that. If I remember correct though, Java/J2EE recommends using this kind of sequence number solution as well. Kind regards, Alex > Hello, > > I am not sure what you can do about GET requests. > How would you know if it was > the same person clicking or multiple people behind a > proxy server clicking? > > As for the POST, you are generally sending the POST > data to an Action to handle > form processing. I would just add some kind of a > sequence number as a hidden > value in the form, and then add that to an array in > the $_SESSION to see if > that version of the form had already been processed. > If so, abort processing > (perhaps throw an error message if you use a session > based error queue as I > detailed in the PHP|A article). > > HTH > > Regards, > > Jason > > __________________________________ > Do you Yahoo!? > Yahoo! Small Business $15K Web Design Giveaway > http://promotions.yahoo.com/design_giveaway/ > > > ------------------------------------------------------- > This SF.Net email is sponsored by: IBM Linux > Tutorials > Free Linux tutorial presented by Daniel Robbins, > President and CEO of > GenToo technologies. Learn everything from > fundamentals to system > administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click > _______________________________________________ > Phrame-devel mailing list > Phr...@li... > https://lists.sourceforge.net/lists/listinfo/phrame-devel __________________________________ Do you Yahoo!? Yahoo! Small Business $15K Web Design Giveaway http://promotions.yahoo.com/design_giveaway/ |
