Solving the double submit problem with modern technologies
I've read a lot about best practices to solve the 'double submit problem'.
One of the design patterns that helps a lot is for example: 'PRG pattern' (Post, Redirect, Get).
Other ways that can be used besides PRG pattern: - Server side duplicate checks by hashing the complete request and comparing all incoming requests. Beside data, broswer type, OS can also be added to the hash, but I don't know if there is a common or a proven way which is 'bullet-proof'.
- Client side hidden input field for passing a GUID, but I don't understand the benefit of this because a client application or browser is based on cookies or sessions and these can easily be manipulated or cleared.
These are my notes after reading a lot about this problem. My question is why this known problem doesn't have known, common way to solve it? I'd really appreciate if you join the topic and share your knowledge.
0 comments:
Post a Comment