asp.net prevent form submission twice
Asked Answered
H

4

8

I have a web forms web application (asp.net 2.0). When the user submits the form I have the submit link actually going away so they can't submit it again. However, they could press F5 and that is causing another insert into the database, which I don't want to have happen.

Is there a setting of some sort that I can set if/when they do press F5 to tell the page - don't submit again?

Heirship answered 26/3, 2010 at 20:37 Comment(1)
You could try this approach #2283543Esbenshade
S
14

It sounds like you're doing a postback to the same page, then inserting to a database before redisplaying the same page to the user, minus the submit button?

If this is the case, the easiest way around your problem is to do a Response.Redirect() to the same page - so when the user presses F5 it will reload the GET request to the page instead of the POST.

Explanation:

When you do a postback in ASP.NET the browser will send a POST request to the server. I don't know your background in HTTP methods, but even if you're new to web programming you've probably experienced the effects of these types of requests in browsers. Sometimes when you submit forms on websites and hit the back button, it will say something like "would you like to resubmit the form data". This is because those forms are sending data to the server using the HTTP POST method. The effect of the back button in this case is the same as when you press F5 - the browser is repeating the exact same POST request over again (which requires some type of form data, and in these cases it's the same data you submitted the last time).

When you use Response.Redirect(), the server is issuing HTTP status code 302 (resource moved temporarily) in response to the request. The browser then, will now issue a GET request for the resource it has been told to redirect to (in this case, your same exact page).

Now when you're on the page, it's returned as if you had visited it from a link or typed it directly into the address bar. If you press F5 this time, a GET request will be issued as opposed to a POST.

I would recommend you download Firebug and activate the "Net" panel. You can see exactly what composes a request/response along with a list of all the requests being made on your page.

More resources:

If you're feeling adventurous you can check out even more status codes (and by the way I have actually used 418 in an application I'm working on as a hack to get around Forms Authentication for ASP.NET).

If Firebug isn't enough, you can download Fiddler and actually handcraft and replay requests to your liking.

If GET and POST aren't enough for you, you can use other methods to change states in your application. You may have heard of RESTful architecture, which basically uses the HTTP methods GET, PUT, POST, and DELETE as they were intended.

Swinford answered 26/3, 2010 at 21:15 Comment(3)
John, what you described is exactly what I'm doing. Where do you suggest putting the Response.Redirect() just so I'm clear. Right now I'm basically doing like this in the Page_Load. If Request.Form[my button] == "the name of the button"...then call some methods to insert the data.Heirship
That seems to work. I'm not completely clear on why though. Explain a bit more perhaps? Few other responses suggested doing things with a session variable and other approaches that seemed more involved. Is there a problem with this Response.Redirect() solution. If not, it seems much simpler to implement.Heirship
John, thanks for the information. I've definitely got some learning to do here, appreciate the time and thoughtfulness in the response. Helpful. Out of curiousity, since I am going to use the Redirect() approach you mentioned for now. Is there a way to display a message to the user like, data already submitted, and actually detect that what they are doing is hitting F5 after already submitting the data? Thanks again.Heirship
S
5

You could try this. If it doesn't suit your needs, it is at least good to know about.

Post - Redirect - Get

http://en.wikipedia.org/wiki/Post/Redirect/Get

Spoor answered 26/3, 2010 at 23:16 Comment(0)
L
0

You can do several things. Store a boolean in ViewState. Check/set the property. Store the boolean in Session and check/set it.

On postback, you set the value and if the value is true, prevent submission and raise/display an error.

Lechner answered 26/3, 2010 at 20:40 Comment(1)
He to avoid the refress F5, and not the button click again - in this case, to simple disable the button is avoiding the double enter.Leprous
M
0

There was a very recent article on Code Project that presented a way to handle unwanted refreshes by using an HttpModule, a hidden field and some JavaScript. It might not be right for you, but it is a nifty solution that does not rely on ViewState or Session.

Mhd answered 26/3, 2010 at 21:18 Comment(1)
I read and test this solution, and have problems if javascript fails to run. Anyway good idea.Leprous

© 2022 - 2024 — McMap. All rights reserved.