views:

1183

answers:

7

I have a web application (ASP.Net 3.5) with a conventional 3 layer design. If the user clicks a button a postback happens, some middle and data layer code runs, and the screen is refreshed. If the user clicks the button multiple times before the first postback is completed my logic gets confused and the app can end up in an invalid state. What are the best ways to prevent this?

I can use javascript to disable the button but this just hides the problem. How do I build my business and data layers to handle this?

Thanks

+2  A: 

The three most popular methods (which are often used in tandem) are:

  1. Disable submit buttons once clicked/pressed;
  2. Use POST+REDIRECT+GET to avoid back button issues; and
  3. Replace history in the browser so you can't go back (but this should be used sparingly and with good reason).
cletus
+1  A: 

If I was to be brutally honest, I would say that it sounds like you're the one confused about web postbacks, not your application (that's if you're the one who wrote it). ;-)

That said, in addition to other suggestions, what I would do in this case is place a "token" in hidden field in the form - like a GUID - that is posted back. Use this to track the work being done and only allow it to be used once. E.g. when posted back, place it in session storage. Each time a postback is performed check the session first for this token, and if it is there then do nothing. If it's NOT there, store it in session and do the work. When the session ends, tokens are thrown away automagically. Easy. Much better than some convoluted database token.

  • Oisin
x0n
I'm doing something very similar with memcached for the token. Include the GUID as a hidden field on the form, then when it is posted, try to ADD it to memcached. If the add fails, it was already added, so do nothing. The keys expire after a short time, and memcached isn't reliable, but I've already implemented redirect-after-post and just need something to handle the occasional double-clicking of the submit buttun (usually by the big bosses...)
Matt Miller
A: 
  1. Do disable submit button once clicked. This will prevent accidental double-click or more
  2. I usually redirect to a different URL after postback to avoid accidental/intentional page refresh.
  3. Finally in your DB insert method, check for identical data inserted within certain time frame (probably in seconds) before doing the insert. If duplicate data is found inserted within just seconds (or minutes. whatever makes most sense in your situation), show warning message and have user hit submit again if user feels it is not error. (This method makes most sense when you have user account and user is submitting data when logged in, so duplicate data check is done for the user.)
Brian Kim
A: 

Check out this ASP.NET AJAX control called PostBack Ritalin from a fellow SO'r Dave Ward.

Gavin Miller
A: 

I have solved the problem writing a javascript disabling the click function button:

MyButton.Attributes.Add("onclick",
    "javascript:this.onclick=function(){return false;};");