Forms double click multiple submission

Disable the button when it's clicked using jQuery.

$(function() {
    $('button').click(function() {

        $($(this)).prop('disabled', true);

    });
});

Thanks, I know that I can disable the button after it's clicked, but is there a way to prevent this on the server side as well since users can easily disable Javascript?

Seems like this is a problem a Laracast as well? If the submit button for this reply is clicked multiple times before loading is completed, duplicate entries will be created.

There are ways, one would be to add a check for last reply time. On my forums there's a limit of 20 seconds between posts.

Another way would be to add an item into the session to set something like "replied=1" which lasts x seconds then check for it on POST.

Could be other ways but it's a bit tricky to do any of these (extra execution time).

Because it's a client issue maybe allow submission only if page is loaded (but needs Javascript active).

Often when you have that type of double submission it is because you 1. have no namespace in JS and your events are propagating up into another REST call and therefore with Jquery I tend to use preventDefault() as well as event.stopPropagation(); if I think there will be a problem. 2. My guess is if you are using both Blade Form:: and JS using so when you submit Blade is making the submission as well as JS. Easy to fix in AngularJS, always find it a challenge in JQuery. My personal preference is if I'm using Blade with JS then dont use {!! Form:: !!}}. I will use Blade for easy rendering, although I really only use Angular, but if I was going to use Blade it would be to render then use JS for REST submission, which is why I don't mix the two to be honest. 3. Server side would require some sort of Input de-duplication validation.

Thanks! I ended up adding unique constraints to the database in order to prevent the duplicate entries, and it works for now. I will also add the Javascript but that will just be for handling client side.

@bashy Time constraints seems like a reasonable solution, but I was hoping for something that combines the entries. For example, http://laravel.io/forum has a pretty neat way of handling duplicate submits, and combines them to a single reply even with Javascript turned off. Not sure how they achieve that though.

@nolros What are some examples of input de-duplication validations?

On a side note, why would PHP allow multiple requests to get through for each session? It seems to me that it will be logical to only allow one request to go through every time the submit button is hit.

Maybe they check for the last reply, if it's the last and same user ID, it will merge it.

@adrielzxdf honestly I've not run into dup issues, but if you needed it I suspect the best way would be to use Laravel caching to check if the record exists. Once you created the record you then write to cache and then check against cache. Laravel cache allows you to setup cache keys associated with the context / domain you can then check against that key to see if the record exists by the key. Don't know what you saving, but could be by slug, tag, etc. The problem with server side de-dup is that the server is an aggregation point and so you have to put in more checks than on the client.

Like, I said this is best done on the client given that in JS you can check event against event, if event === pastEvent in x interval then reject.

Anyone have anything concrete they've done?

Ive also dealt with the problem with js in client.

But reading this it occurs to me to wonder if it's possible to use laravels token() form method in a server side solution. Once the random token has been submitted etc.

@adrielzxdf On a side note, why would PHP allow multiple requests to get through for each session? It seems to me that it will be logical to only allow one request to go through every time the submit button is hit.

Think about multiple ajax calls at the same time, rendering image with php and so on.

Why do you care so much about double entries ? Almost everyone has javascript enabled. If it is not critical data, don't care about double submission.

Although we have a CSRF token, How it would happen?!