Hi Guys, I need some help to understand my problem.
I have a form that send some info (by post) to a third party API by CURL. The controller action that does that has a redirect in both cases (fail or success).
My problem is that if I click twice or more the submit button, than I get two or more successful calls to that API and only after that the action is doing the redirect to the success page.
How can I prevent that on server side? I’ve tried using sessions but still failing. Any idea? Thanks.
The code is like this:
...
try
{
if ($new_user->validate())
{
if( Yii::app()->theExternalApi->pay($new_user) )
$this->redirect(array('controller/success'));
}
}
catch()...
session protected code version (also fail to prevent double submit):
...
try
{
if ( $new_user->validate() && ! Yii::app()->session['doubleclick'] )
{
Yii::app()->theExternalApi->doSomething($new_user);
Yii::app()->session['doubleclick'] =true;
}
}
catch()...
during the first request page can be still visible and browser still responds to users actions which may lead to another request when user clicks a link or another button.
to prevent this on server side you need to generate random token on every page request and put it in hidden field of your form. then on server side you store information in session that this token was already used by this user. Then when user submit the same form with same token - you can check that it was already submitted and throw exception or handle it however you like. This however will not prevent case when user opens same form in two browser instances (both will have different token) and then submit both of them. To prevent that you will need to somehow identify the business object the form is representing (ie. ID of the payment) and then mark it (in session or in database) as already done. This requires you to identify the business object (random numbers won’t help here )
)