If a user accidentally presses submit button twice, the requested method will be performed twice.
If someone is adding the product record and accidentally presses submit button twice or presses enter button twice, the multiple records will be stored in the database.
The same happens for GET, PATCH and DELETE requests.
Currently applying the below logic:
In the controller declare one random generated string in the unique session identifier and pass the same string as a variable in the view.
Set the variable in the form post field and send it back as the post field in the controller.
- What is the best way to prevent duplicate submissions?
- Can we prevent using CSRF tags?
- How to renew CSRF tag instantly after validation?
public AbcController Extends Controller
{
public actionCall()
{
if(Yii::$app->request->post())
{
if(Yii::$app->request->post('variable') == Yii::$app->session->get('lm_product_unique')
{
Yii::$app->session->delete('lm_product_unique'); // delete the session to avoid duplicate entry
// Proceed request
}
}
$variable = Yii::$app->security->generateRandomString();
Yii::$app->session->set('lm_product_unique', $variable);
echo $this->render('viewfile',['variable'] => $variable);
}
}