This article introduces a simple method for ASP applications that prevents users from submitting the same form more than once during the current session. It consists mainly of four subroutines. In simple applications, you only need to put this code in an include file and reference it directly; for more complex environments, we give some suggestions for improvement at the end of the article.
1. Basic working process
Below we discuss these four subroutines in turn.
(1) Initialization
Here we need to save two variables in the Session object:
⑴ Each form corresponds to a unique identifier called FID, and a counter is used to make the value unique.
⑵ Whenever a form is submitted successfully, its FID must be stored in a Dictionary object.
We use a dedicated procedure to initialize this data. Although every other subroutine calls it, its body actually runs only once per session:
Sub InitializeFID()
    ' Create the Dictionary and the counter only on the first call in a session
    If Not IsObject(Session("FIDList")) Then
        Set Session("FIDList") = Server.CreateObject("Scripting.Dictionary")
        Session("FID") = 0
    End If
End Sub
(2) Generate a unique identifier for the form
The following function GenerateFID() is used to generate a unique identifier for the form. The function first increments the FID value by 1 and then returns it:
Function GenerateFID()
    InitializeFID
    Session("FID") = Session("FID") + 1
    GenerateFID = Session("FID")
End Function
(3) Register the submitted form
When the form is successfully submitted, its unique identifier is registered in the Dictionary object:
Sub RegisterFID()
    Dim strFID
    InitializeFID
    strFID = Request("FID")
    ' Record the FID together with the time it was submitted
    Session("FIDList").Add strFID, Now()
End Sub
(4) Check whether the form is submitted repeatedly
Before formally processing the form submitted by the user, you should check whether its FID has been registered in the Dictionary object. The following CheckFID() function is used to complete this work. If it has been registered, it returns FALSE, otherwise it returns TRUE:
Function CheckFID()
    Dim strFID
    InitializeFID
    strFID = Request("FID")
    ' TRUE if this FID has not been registered yet
    CheckFID = Not Session("FIDList").Exists(strFID)
End Function
2. How to use
The above functions are used in two places: when the form is generated and when the results are processed. Assume that the four subroutines have been placed in the include file Forms.inc. The following code decides whether to generate the form or process the form results based on the FID value. The flow it describes is suitable for most ASP applications:
<%Option Explicit%>
<!--#include file="forms.inc"-->
<HTML>
<HEAD>
<TITLE>Form submission test</TITLE>
</HEAD>
<BODY>
<%
' No FID in the request: show the form; otherwise handle the submission
If Request("FID") = "" Then
    GenerateForm
Else
    ProcessForm
End If
%>
</BODY>
</HTML>
GenerateForm is responsible for generating the form, which should contain a hidden FID, such as:
<%
Sub GenerateForm()
%>
<form action="<%=Request.ServerVariables("PATH_INFO")%>" method="GET">
<input type="hidden" name="FID" value="<%=GenerateFID()%>">
<input type="text" name="param1" value="">
<input type="submit" value="OK">
</form>
<%
End Sub
%>
ProcessForm is responsible for processing the content submitted through the form, but before processing, you should call CheckFID() to check whether the current form has already been submitted. The code is as follows:
<%
Sub ProcessForm()
    If CheckFID() Then
        ' HTML-encode the user's input before echoing it back
        Response.Write "What you entered is " & Server.HTMLEncode(Request.QueryString("param1"))
        RegisterFID
    Else
        Response.Write "This form can only be submitted once!"
    End If
End Sub
%>
3. Restrictions and improvement measures
Above we introduced a way to prevent the same form from being submitted multiple times during the current session. In practical applications, improvements may be needed in several respects, such as:
⑴ Check the validity of the data entered by the user before registering the form ID, so that when the data is invalid, the user can press the back button, correct it, and submit the same form again.
⑵ This restriction on form submission lasts at most for the duration of the current session. If the restriction must span multiple sessions, cookies or a database must be used to save the relevant data.
⑶ This method is not secure. It only guards against accidental misuse and does not prevent skilled users from intentionally submitting the same form multiple times.
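A stricter variant that applies improvement ⑴ and narrows the gap noted in ⑶, as an added example that is not the article's code: CheckFID above treats any FID value it has not seen as new, including values the server never issued, so this version accepts only FIDs the server issued and removes each one on first use. IssueFID (called from the form in place of GenerateFID), ConsumeFID and IsValidInput are hypothetical names, and the 100-character limit is an assumed validation rule.

```vbscript
' Added example, not the article's code. Place inside <% ... %> in Forms.inc.
' IssueFID, ConsumeFID and IsValidInput are hypothetical names.
' Session("FIDList") here holds FIDs that were issued and not yet used.

Sub InitializeFID()
    If Not IsObject(Session("FIDList")) Then
        Set Session("FIDList") = Server.CreateObject("Scripting.Dictionary")
        Session("FID") = 0
    End If
End Sub

' Issue a new FID for a form and record it as pending.
Function IssueFID()
    InitializeFID
    Session("FID") = Session("FID") + 1
    Session("FIDList").Add CStr(Session("FID")), Now()
    IssueFID = Session("FID")
End Function

' Return True only the first time an issued FID comes back, and remove it.
Function ConsumeFID(strFID)
    InitializeFID
    ConsumeFID = False
    If Session("FIDList").Exists(strFID) Then
        Session("FIDList").Remove strFID
        ConsumeFID = True
    End If
End Function

' Assumed validation rule: non-empty, at most 100 characters.
Function IsValidInput(strValue)
    IsValidInput = (Len(Trim(strValue)) > 0 And Len(strValue) <= 100)
End Function

Sub ProcessForm()
    Dim strFID, strParam
    strFID = CStr(Request.QueryString("FID"))
    strParam = CStr(Request.QueryString("param1"))
    If Not IsValidInput(strParam) Then
        ' The FID is not consumed, so the user can go back and resubmit.
        Response.Write "Invalid input. Go back, correct it and submit again."
    ElseIf ConsumeFID(strFID) Then
        Response.Write "What you entered is " & Server.HTMLEncode(strParam)
    Else
        Response.Write "This form can only be submitted once!"
    End If
End Sub
```

FIDs issued for forms that are never submitted stay in the Dictionary until the session ends.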